Windows Analysis Report
9c23f857-b0b9-47d6-b664-47a3132066f4.exe

Overview

General Information

Sample name: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe
(renamed file extension from none to exe)
Original sample name: 9c23f857-b0b9-47d6-b664-47a3132066f4
Analysis ID: 1403894
MD5: 8b92571e4f2e6ef1aafd903796a9c152
SHA1: f18491b49826dfbfc7760f08fd6d2339d15e0658
SHA256: 0172a96a870e24b01533c188b0abc4063ecbcce6c080b88684d8129b67ff31c1

Detection

Score: 42
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Compliance

Score: 47
Range: 0 - 100

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Contains functionality to infect the boot sector
Found API chain indicative of debugger detection
Found stalling execution ending in API Sleep call
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)
Query firmware table information (likely to detect VMs)
Tries to harvest and steal browser information (history, passwords, etc)
Abnormal high CPU Usage
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to call native functions
Contains functionality to check if a connection to the internet is available
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain (might use process or thread times for sandbox detection)
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries disk information (often used to detect virtual machines)
Queries keyboard layouts
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • 9c23f857-b0b9-47d6-b664-47a3132066f4.exe (PID: 6920 cmdline: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe MD5: 8B92571E4F2E6EF1AAFD903796A9C152)
    • chrome.exe (PID: 3844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installing.html?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • chrome.exe (PID: 7248 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1808,i,5385278516166329545,13648946590053204352,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • SetupEngine.exe (PID: 8088 cmdline: "C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid 1709547169173348 MD5: 599BAD8E7D2363415B86A08F4ACD243A)
      • cmd.exe (PID: 1060 cmdline: cmd /c "C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\FAST!\Temp\testfile.temp" > C:\Users\user\AppData\Local\FAST!\Temp\dskres.xml MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 8168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • diskspd.exe (PID: 3020 cmdline: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\FAST!\Temp\testfile.temp MD5: FC41CABDD3C18079985AC5F648F58A90)
      • chrome.exe (PID: 3336 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
        • chrome.exe (PID: 3616 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2004,i,7066265627927454762,6474202962807613593,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
      • fast!.exe (PID: 3128 cmdline: C:\Program Files (x86)\Fast!\Fast!.exe MD5: A2EF6C8CCFBEEE722F02C9744272449A)
  • svchost.exe (PID: 7184 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • FastSRV.exe (PID: 1196 cmdline: C:\Program Files (x86)\Fast!\FastSRV.exe MD5: 99A0AFAF20877C3807D5EF292FACDDC7)
    • fast!.exe (PID: 7944 cmdline: C:\Program Files (x86)\fast!\fast!.exe MD5: A2EF6C8CCFBEEE722F02C9744272449A)
      • nw.exe (PID: 2540 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\. MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
        • nw.exe (PID: 1872 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\FAST!\User Data" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x23c,0x240,0x244,0x238,0x248,0x7ffe0054a970,0x7ffe0054a980,0x7ffe0054a990 MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
          • nw.exe (PID: 1856 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x14c,0x150,0x154,0x128,0x158,0x7ff66255ca30,0x7ff66255ca40,0x7ff66255ca50 MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
        • nw.exe (PID: 2164 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1900 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:2 MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
        • nw.exe (PID: 2080 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --mojo-platform-channel-handle=2408 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:8 MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
        • nw.exe (PID: 1436 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=2384 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:8 MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
        • nw.exe (PID: 6692 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Program Files (x86)\Fast!\nwjs\gen" --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1709711959558165 --launch-time-ticks=5805650877 --mojo-platform-channel-handle=3128 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:1 MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
        • explorer.exe (PID: 2580 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • nw.exe (PID: 2000 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3936 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:8 MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
        • nw.exe (PID: 5948 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3756 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:8 MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
        • nw.exe (PID: 7652 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3756 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:8 MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
        • nw.exe (PID: 1832 cmdline: "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3780 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:2 MD5: D6644E8A0C3C48607EC424BAE0FEB47E)
No configs have been found
No yara matches
Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7184, ProcessName: svchost.exe
No Snort rule has matched

AV Detection

Source: C:\Program Files (x86)\Fast!\fast!.exe, ReversingLabs: Detection: 25%
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, Virustotal: Detection: 16%
Source: https://veryfast.io/installing2.html?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348, HTTP Parser: No favicon
Source: https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348, HTTP Parser: No favicon

Compliance

Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, Static PE information: certificate valid
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: "CoreMessaging.pdb source: nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340272718.000002291162A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: gpapi.pdb source: nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: powrprof.pdb source: nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340272718.000002291162A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ponents.pdb source: nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ole32.pdb source: nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340272718.000002291162A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Build\Build_vfs_2.338_D20240227T105637\veryfast.io\FastSRV\Release\FastSRV.pdb source: FastSRV.exe, 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp, FastSRV.exe, 0000000C.00000000.2271478988.000000000013F000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: E:\nw82_win64\node-webkit\src\outst\nw\nw_elf.dll.pdb&&h source: nw.exe, 00000013.00000003.2335977363.0000022913356000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2332753881.0000022913351000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\rs1.obj.x86fre\sdktools\srvperf\diskspd.oss\cmdrequestcreator\objfre\i386\diskspd.pdb source: diskspd.exe, diskspd.exe, 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp
Source: Binary string: C:\Build\Build_vfs_2.338_D20240227T105637\veryfast.io\proc_booster\Release-Booster\proc_booster.pdb source: fast!.exe, 0000000F.00000000.2275695708.0000000000B40000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000000.2285546064.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: E:\nw82_win64\node-webkit\src\outst\nw\ffmpeg.dll.pdbp source: nw.exe, 00000013.00000003.2335977363.0000022913356000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2332753881.0000022913351000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: sechost.pdb source: nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336211027.0000022911669000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337093943.0000022911669000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\zak\Downloads\Inetc\Unicode\Plugins\inetc.pdb source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1890465933.000000000040A000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: propsys.pdb source: nw.exe, 00000013.00000003.2376676044.00000229135A8000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2338755419.000002291334A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2368849250.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2362964270.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2335977363.0000022913340000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2360241791.00000229135A8000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373829840.00000229135A8000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373076683.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: $Kernel.Appcore.pdb source: nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340272718.000002291162A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: tf.pdb source: nw.exe, 00000013.00000003.2358394363.0000022911669000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373298920.000002291166B000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2371112960.000002291166A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2374950350.000002291166B000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336211027.0000022911669000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337093943.0000022911669000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msctf.pdb source: nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2369868093.000002291162A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340272718.000002291162A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: (bcryptprimitives.pdb source: nw.exe, 00000013.00000003.2338755419.000002291334A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2368849250.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2362964270.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2335977363.0000022913340000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373076683.0000022913344000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mscms.pdb source: nw.exe, 00000012.00000003.2367181594.000002AC5A6B2000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2351493114.000002AC5A6B2000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2369388513.000002AC5A6CF000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2338755419.000002291334A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2368849250.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2362964270.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2335977363.0000022913340000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340272718.000002291162A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373076683.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: devobj.pdbb source: nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: user32.pdb source: nw.exe, 00000012.00000003.2368520439.000002AC5A375000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2338755419.000002291334A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2368849250.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2362964270.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2335977363.0000022913340000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373076683.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdb^ source: nw.exe, 00000013.00000003.2376676044.00000229135A8000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2360241791.00000229135A8000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373829840.00000229135A8000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: w.dll.pdb source: nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ThreadPoolServiceThreadbcrypt.pdbbc source: nw.exe, 00000013.00000003.2358394363.0000022911669000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373298920.000002291166B000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2371112960.000002291166A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2374950350.000002291166B000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336211027.0000022911669000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337093943.0000022911669000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winmm.pdbQ source: nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: msasn1.pdbC source: nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\nw82_win64\node-webkit\src\outst\nw\ffmpeg.dll.pdb source: nw.exe, 00000013.00000003.2335977363.0000022913356000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2370898397.000002291161F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2332753881.0000022913351000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: dhcpcsvc.pdbn source: nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: nw.exe.pdb source: nw.exe, 00000013.00000003.2351550393.00000229132ED000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340089427.00000229132DD000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2370845505.00000229132F5000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2361738929.00000229132F0000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340641718.00000229132F2000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: nsi.pdbpdb source: nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: UxTheme.pdb source: nw.exe, 00000013.00000003.2338755419.000002291334A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2368849250.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2362964270.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2335977363.0000022913340000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373076683.0000022913344000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: Framework.pdb source: nw.exe, 00000013.00000003.2338755419.000002291334A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2368849250.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2362964270.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336344952.0000022913363000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2376855658.0000022913365000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2375358077.0000022913361000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2376514877.0000022913365000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373076683.0000022913344000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: 32.pdb source: nw.exe, 00000013.00000003.2358394363.0000022911669000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373298920.000002291166B000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2371112960.000002291166A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2374950350.000002291166B000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336211027.0000022911669000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337093943.0000022911669000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ucrtbase.pdb: source: nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winsta.pdb source: nw.exe, 00000013.00000003.2338755419.000002291334A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2368849250.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2362964270.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2335977363.0000022913340000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340272718.000002291162A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373076683.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: psys.pdb source: nw.exe, 00000013.00000003.2358394363.0000022911669000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373298920.000002291166B000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2371112960.000002291166A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2374950350.000002291166B000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336211027.0000022911669000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337093943.0000022911669000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: bcrypt.pdb source: nw.exe, 00000013.00000003.2358394363.0000022911669000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2338755419.000002291334A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2368849250.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2362964270.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373298920.000002291166B000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2335977363.0000022913340000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2371112960.000002291166A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340272718.000002291162A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2374950350.000002291166B000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373076683.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336211027.0000022911669000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337093943.0000022911669000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: "CoreMessaging.pdbb source: nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340272718.000002291162A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System32\RMCLIENT.dllFramework.pdb source: nw.exe, 00000013.00000003.2338755419.000002291334A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2368849250.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2362964270.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336344952.0000022913363000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2376855658.0000022913365000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2375358077.0000022913361000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2376514877.0000022913365000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373076683.0000022913344000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Windows\System32\XmlLite.dlltFramework.pdb7PN source: nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ThreadPoolForegroundWorkernapi.pdbb source: nw.exe, 00000013.00000003.2358394363.0000022911669000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373298920.000002291166B000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2371112960.000002291166A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2374950350.000002291166B000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336211027.0000022911669000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337093943.0000022911669000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ntmarta.pdb source: nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: CLBCatQ.pdb source: nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340272718.000002291162A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: w.dll.pdb/]" source: nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: api.pdb source: nw.exe, 00000013.00000003.2358394363.0000022911669000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373298920.000002291166B000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2371112960.000002291166A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2374950350.000002291166B000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336211027.0000022911669000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337093943.0000022911669000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ,ColorAdapterClient.pdb source: nw.exe, 00000013.00000003.2338755419.000002291334A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2368849250.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2362964270.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2335977363.0000022913340000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340272718.000002291162A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373076683.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\nw82_sdk_win64\node-webkit\src\outst\nw\initialexe\nw.exe.pdbes.dll.mui1c source: nw.exe, 00000013.00000003.2377064946.0000022913312000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2366474011.000002291330F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340945712.000002291330A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: shlwapi.pdb source: nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: kernel32.pdb source: nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336211027.0000022911669000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337093943.0000022911669000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbKP source: nw.exe, 00000013.00000003.2370898397.000002291161F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2371054041.0000022911626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Build\Build_vfs_2.338_D20240227T105637\veryfast.io\proc_booster\Release-Booster\proc_booster.pdb_ source: fast!.exe, 0000000F.00000000.2275695708.0000000000B40000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000000.2285546064.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: z:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: x:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: v:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: t:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: r:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: p:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: n:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: l:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: j:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: h:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: f:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: b:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: y:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: w:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: u:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: s:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: q:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: o:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: m:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: k:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: i:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: g:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: e:
Source: C:\Windows\explorer.exe File opened: c:
Source: C:\Program Files (x86)\Fast!\fast!.exe File opened: a:
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Code function: 5_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,5_2_00405C49
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Code function: 5_2_00406873 FindFirstFileW,FindClose,5_2_00406873
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Code function: 5_2_0040290B FindFirstFileW,5_2_0040290B
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Code function: 12_2_00136EE1 FindFirstFileExW,FindNextFileW,FindClose,FindClose,12_2_00136EE1
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00B2F3F6 FindFirstFileExW,FindNextFileW,FindClose,FindClose,17_2_00B2F3F6
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 28_2_00007FF66240C1C0 FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,28_2_00007FF66240C1C0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 31_2_00007FF66240C1C0 FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,31_2_00007FF66240C1C0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\Local\FAST!\User Data\Default\Google Profile.ico
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\Local\FAST!\User Data\Default\3193ece0-f246-41a1-ac4b-de69be94c081.tmp
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\Local\
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\Local\FAST!\User Data\
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00ACF410 InternetCheckConnectionW,InternetCheckConnectionW,InternetCheckConnectionW,RegCreateKeyW,RegSetKeyValueW,CloseHandle,17_2_00ACF410
Source: Joe Sandbox View IP Address: 1.1.1.1
Source: Joe Sandbox View IP Address: 162.159.61.3
Source: Joe Sandbox View IP Address: 239.255.255.250
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281iT
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
Source: nw.exe, 00000012.00000003.2351493114.000002AC5A5E0000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535DT~
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/565801
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/575001
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881KUu
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2369684682.000002AC5A5E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906$T
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/59060U
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/59065U
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906:U
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906GUy
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906YU
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906ZU
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
Source: nw.exe, 00000012.00000003.2351493114.000002AC5A5E0000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2351493114.000002AC5A6B2000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2369684682.000002AC5A5E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141PU
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439xT
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/66513S
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/68608S
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878?U
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953QT
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/727901aS
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370SS
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488#V
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2351493114.000002AC5A6B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724KQZ
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/776001ES
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162=S
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215CT
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229HT
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280-8Z
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280pc.V
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8291
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8297
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1888677948.00000000031FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: explorer.exe, 0000001A.00000000.2395034944.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000000.2389080482.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1888677948.00000000031FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1891151241.00000000031ED000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1890275734.00000000031EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: nw.exe, 00000019.00000003.2673087575.0000023F09A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1889884845.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1890744763.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000005.00000002.2298533824.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000005.00000003.2295720054.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000005.00000003.1897716746.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000005.00000003.1897992374.00000000006E0000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2673087575.0000023F09C55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: nw.exe, 00000019.00000003.2673087575.0000023F09A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1888677948.00000000031FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl0
Source: nw.exe, 00000019.00000003.2673087575.0000023F09C55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: nw.exe, 00000019.00000003.2673087575.0000023F09C55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: nw.exe, 00000019.00000003.2673087575.0000023F09C55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1888677948.00000000031FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: explorer.exe, 0000001A.00000000.2395034944.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000000.2389080482.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1888677948.00000000031FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1891151241.00000000031ED000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1890275734.00000000031EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: explorer.exe, 0000001A.00000000.2395034944.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000000.2389080482.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: nw.exe, 00000019.00000003.2368220284.00007C3800480000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2368543015.00007C380048C000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2368160801.00007C3800474000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crrev.com/c/2555698.
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1888677948.00000000031FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
Source: svchost.exe, 00000002.00000003.1692693903.000001F93BE18000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000003.2321726077.000001F937B72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 00000002.00000003.1692693903.000001F93BE18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: svchost.exe, 00000002.00000003.1692693903.000001F93BE18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: svchost.exe, 00000002.00000003.1692693903.000001F93BE18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 00000002.00000003.1692693903.000001F93BE18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 00000002.00000003.1692693903.000001F93BE18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 00000002.00000003.1692693903.000001F93BE4D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: nw.exe, 00000019.00000003.2380321570.0000023EC8CC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://en.w
Source: nw.exe, 00000019.00000003.2450957127.0000023EC8CC9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2451410427.0000023EC8CCC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://en.wJ
Source: svchost.exe, 00000002.00000003.1692693903.000001F93BF07000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929-_
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1890465933.000000000040A000.00000004.00000001.01000000.00000003.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000000.1612672042.000000000040A000.00000008.00000001.01000000.00000003.sdmp, SetupEngine.exe, 00000005.00000000.1879169804.000000000040A000.00000008.00000001.01000000.0000000E.sdmp, SetupEngine.exe, 00000005.00000002.2297123694.000000000040A000.00000004.00000001.01000000.0000000E.sdmpString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: nw.exe, 00000019.00000003.2673087575.0000023F09C55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: explorer.exe, 0000001A.00000000.2395034944.000000000982D000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000000.2389080482.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1891151241.00000000031ED000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1890275734.00000000031EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1888677948.00000000031FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1888677948.00000000031FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0X
Source: explorer.exe, 0000001A.00000000.2389080482.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1888677948.00000000031FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
Source: explorer.exe, 0000001A.00000000.2389080482.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://schemas.mi
Source: explorer.exe, 0000001A.00000000.2389080482.00000000079FB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://schemas.micr
Source: explorer.exe, 0000001A.00000000.2397489696.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000001A.00000000.2391691146.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000001A.00000000.2393282506.0000000008720000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
Source: nw.exe, 00000019.00000003.2580800306.0000023EC8CCC000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2581132768.0000023EC8CCF000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2581224704.0000023EC8CCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFL
Source: nw.exe, 00000019.00000003.2581132768.0000023EC8CCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFL6e0b
Source: nw.exe, 00000019.00000003.2581436052.0000023EC8CCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFL6e0b8L
Source: nw.exe, 00000019.00000003.2581436052.0000023EC8CCF000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2581224704.0000023EC8CCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFLC
Source: nw.exe, 00000019.00000003.2581436052.0000023EC8CCF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://scripts.sil.org/OFLh
Source: nw.exe, 00000019.00000003.2585519146.000055B3008C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437201363.000055B300082000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://src.chromium.org/viewvc/blink/trunk/Source/devtools/front_end/SourceMap.js
Source: nw.exe, 00000012.00000003.2351493114.000002AC5A5E0000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2367181594.000002AC5A683000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/
Source: nw.exe, 00000019.00000003.2593237854.000055B300582000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2590172850.000055B300982000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://userguide.icu-project.org/strings/properties
Source: nw.exe, 00000019.00000003.2673087575.0000023F09C55000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: explorer.exe, 0000001A.00000000.2402233699.000000000C964000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: nw.exe, 00000019.00000003.2673087575.0000023F09A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: nw.exe, 00000019.00000003.2593237854.000055B300582000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2590172850.000055B300982000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: nw.exe, 00000019.00000003.2584461819.000055B300042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.squid-cache.org/Doc/config/half_closed_clients/
Source: nw.exe, 0000001E.00000002.2636073264.000002315F8B7000.00000002.00000001.00040000.00000027.sdmpString found in binary or memory: http://www.unicode.org/copyright.html
Source: nw.exe, 00000019.00000003.2673087575.0000023F09A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: nw.exe, 00000019.00000003.2674175318.0000023EC8DE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: nw.exe, 00000019.00000003.2673087575.0000023F09A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AccountChooser
Source: nw.exe, 00000019.00000003.2446700268.0000023F09A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AddSession
Source: nw.exe, 00000019.00000003.2673087575.0000023F09A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: nw.exe, 00000019.00000003.2673087575.0000023F09A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: nw.exe, 00000019.00000003.2446700268.0000023F09A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Logout
Source: nw.exe, 00000019.00000003.2673087575.0000023F09A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: nw.exe, 00000019.00000003.2673087575.0000023F09A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/RotateBoundCookiesost
Source: nw.exe, 00000019.00000003.2673087575.0000023F09A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: nw.exe, 00000019.00000003.2673087575.0000023F09A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: nw.exe, 00000019.00000003.2673087575.0000023F09A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos?
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2368520439.000002AC5A375000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2362174616.00000229116CA000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2353442655.0000022911683000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2360784883.00000229116C3000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2446700268.0000023F09A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: nw.exe, 00000019.00000003.2446700268.0000023F09A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/omise
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-default-iterator-object
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#dfn-iterator-prototype-object
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterable
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterable-entries
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-iterators
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://heycam.github.io/webidl/#es-stringifier
Source: nw.exe, 00000019.00000003.2368220284.00007C3800480000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2368543015.00007C380048C000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2367757920.0000023EC72DA000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2367909208.0000023EC8D91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/C/#the-details-and-summary-elements
Source: nw.exe, 00000019.00000003.2368220284.00007C3800480000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2368543015.00007C380048C000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2367757920.0000023EC72DA000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2367909208.0000023EC8D91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/rendering.html#flow-content-3
Source: nw.exe, 00000019.00000003.2368220284.00007C3800480000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2368543015.00007C380048C000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2367757920.0000023EC72DA000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2367909208.0000023EC8D91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/rendering.html#hidden-elements
Source: nw.exe, 00000019.00000003.2585519146.000055B300702000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2438611118.000055B300702000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setinterval
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/web-messaging.html#broadcasting-to-other-browsing-contexts
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope.
Source: explorer.exe, 0000001A.00000000.2389080482.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 0000001A.00000000.2389080482.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hlXIY.img
Source: explorer.exe, 0000001A.00000000.2389080482.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAKSoFp.img
Source: explorer.exe, 0000001A.00000000.2389080482.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAXaopi.img
Source: explorer.exe, 0000001A.00000000.2389080482.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAgi0nZ.img
Source: explorer.exe, 0000001A.00000000.2389080482.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBqlLky.img
Source: explorer.exe, 0000001A.00000000.2389080482.00000000078AD000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img.s-msn.com/tenant/amp/entityid/AAbC0oi.img
Source: nw.exe, 00000019.00000003.2438611118.000055B3006C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2585519146.000055B3006C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#ascii-whitespace
Source: nw.exe, 00000019.00000003.2585519146.000055B3006C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64
Source: nw.exe, 00000019.00000003.2438611118.000055B3006C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2585519146.000055B3006C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://infra.spec.whatwg.org/#forgiving-base64-decode
Source: nw.exe, 00000012.00000003.2369684682.000002AC5A5E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.goo
Source: nw.exe, 00000012.00000003.2369684682.000002AC5A5E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/1874254449_
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903m
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748TZ
Source: nw.exe, 00000012.00000003.2369684682.000002AC5A5E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403SZ
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104M_v
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263Q
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/288119108
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/292285899
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/292285899Z
Source: nw.exe, 00000012.00000003.2368520439.000002AC5A375000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: nw.exe, 00000019.00000003.2585519146.000055B300702000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2438611118.000055B300702000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode).
Source: nw.exe, 00000019.00000003.2437658807.000055B300802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437278530.000055B300102000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2585519146.000055B300802000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/fs.html
Source: nw.exe, 00000019.00000003.2437658807.000055B300802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437278530.000055B300102000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2585519146.000055B300802000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/api/permissions.html#file-system-permissions
Source: nw.exe, 00000019.00000003.2446700268.0000023F09A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: nw.exe, 00000019.00000003.2446700268.0000023F09A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/?
Source: nw.exe, 00000019.00000003.2673087575.0000023F09A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: svchost.exe, 00000002.00000003.1692693903.000001F93BEC2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: svchost.exe, 00000002.00000003.1692693903.000001F93BE56000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: explorer.exe, 0000001A.00000000.2402233699.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com_
Source: explorer.exe, 0000001A.00000000.2402233699.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comcember
Source: nw.exe, 00000019.00000003.2593978197.000055B300102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html
Source: nw.exe, 00000019.00000003.2593978197.000055B300102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap12.html).
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1717401806.00000000031ED000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1890744763.00000000007A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://repcdn.veryfast.io/
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1717363471.000000000320C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://repcdn.veryfast.io/download/2.338/SetupEngine.exe
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1891151241.00000000031ED000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1890275734.00000000031EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://repcdn.veryfast.io/download/2.338/SetupEngine.exe2
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1717363471.0000000003203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://repcdn.veryfast.io/download/2.338/SetupEngine.exe35:01
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1717401806.00000000031ED000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1891151241.00000000031ED000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1890275734.00000000031EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://repcdn.veryfast.io/download/2.338/SetupEngine.exe6
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1717401806.00000000031ED000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1891151241.00000000031ED000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1890275734.00000000031EB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://repcdn.veryfast.io/download/2.338/SetupEngine.exef
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1888677948.00000000031FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
Source: explorer.exe, 0000001A.00000000.2389080482.0000000007900000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://simpleflying.com/how-do-you-become-an-air-traffic-controller/
Source: nw.exe, 00000019.00000003.2585519146.000055B300702000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2438611118.000055B300702000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sourcemaps.info/spec.html
Source: nw.exe, 00000019.00000003.2593237854.000055B300542000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/a/5501711/3561
Source: nw.exe, 00000019.00000003.2593237854.000055B300542000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://streams.spec.whatwg.org/#example-manual-write-with-backpressure
Source: nw.exe, 00000012.00000003.2351493114.000002AC5A5E0000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2369684682.000002AC5A5E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t0.gstatic.com/faviconV2
Source: nw.exe, 00000019.00000003.2446700268.0000023F09A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
Source: nw.exe, 00000019.00000003.2585519146.000055B3008C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437201363.000055B300082000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#eqn-modulo
Source: nw.exe, 00000019.00000003.2438611118.000055B3006C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2585519146.000055B3006C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-IsHTMLDDA-internal-slot
Source: nw.exe, 00000019.00000003.2437658807.000055B300802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437278530.000055B300102000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2585519146.000055B300802000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.es/ecma262/#sec-timeclip
Source: nw.exe, 00000019.00000003.2438611118.000055B3006C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2585519146.000055B3006C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-%typedarray%.of
Source: nw.exe, 00000019.00000003.2585519146.000055B300702000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2438611118.000055B300702000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2397#section-2
Source: nw.exe, 00000019.00000003.2584461819.000055B300042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3986#section-3.2.2
Source: nw.exe, 00000019.00000003.2584461819.000055B300042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7230#section-3.2.6
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-url
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-byte-serializer
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-parser
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#dom-urlsearchparams-urlsearchparams
Source: nw.exe, 00000019.00000003.2437658807.000055B300802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437278530.000055B300102000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2585519146.000055B300802000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#forbidden-host-code-point
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#url
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://url.spec.whatwg.org/#urlsearchparams-stringification-behavior
Source: nw.exe, 00000019.00000003.2584461819.000055B300042000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://v8.dev/blog/v8-release-89
Source: fast!.exe, fast!.exe, 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000000.2285546064.0000000000B40000.00000002.00000001.01000000.00000017.sdmp, nw.exe, 00000019.00000003.2590082728.00007C3800650000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2593119865.00007C3800660000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/
Source: nw.exe, 00000019.00000003.2590172850.000055B300842000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/-
Source: nw.exe, 00000019.00000003.2673087575.0000023F09A45000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io//pixel.gif
Source: nw.exe, 00000019.00000003.2593978197.000055B300102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io//pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=2.338&evt_src=produ
Source: SetupEngine.exe, 00000005.00000003.2096717830.00000000031AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/0
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1673798261.00000000031E0000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1673850224.00000000031EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/BN
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1891165704.0000000003203000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1888677948.00000000031FC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/LMEMH
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1673798261.00000000031E0000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1673850224.00000000031EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/PR
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1889884845.00000000007E0000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1890744763.00000000007E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/Q
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1889884845.00000000007A3000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1890744763.00000000007A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/X
Source: fast!.exe, 0000000F.00000003.2313403514.00000000007F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/api/fast.php?a=configList&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&version=2.33
Source: nw.exe, 00000019.00000003.2593978197.000055B300102000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://veryfast.io/api/fast.php?c=pay&a=getPayStrategy&guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&ve
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_004056DE GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004056DE
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00AD5860 GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetTickCount64,GetTickCount64,GetTickCount64,17_2_00AD5860
Source: nw.exe, 00000013.00000003.2351973432.00000229132C1000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: RegisterRawInputDevicesmemstr_b21dcdb2-b
Source: C:\Program Files (x86)\Fast!\fast!.exe Process Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe Code function: 10_2_00ED1446 NtQuerySystemInformation,NtQuerySystemInformation,10_2_00ED1446
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00AE46A0 OpenProcess,GetPriorityClass,NtQueryInformationProcess,17_2_00AE46A0
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00AE4945 NtQueryInformationProcess,GetProcessPriorityBoost,NtQueryInformationProcess,17_2_00AE4945
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00AE0EF0 OpenProcess,NtSetInformationProcess,GetTickCount64,17_2_00AE0EF0
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00AD5600 OpenProcess,NtSetInformationProcess,17_2_00AD5600
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00AD5F50 OpenProcess,NtSetInformationProcess,GetTickCount64,17_2_00AD5F50
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe Code function: 10_2_00ED1085: CreateEventA,GetLastError,DeviceIoControl,GetLastError,WaitForSingleObject,GetLastError,CloseHandle,10_2_00ED1085
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Code function: 12_2_00122B30 WTSGetActiveConsoleSessionId,WaitForSingleObject,WTSGetActiveConsoleSessionId,WTSQueryUserToken,GetTokenInformation,GetLastError,GetLastError,wsprintfW,wsprintfW,DuplicateTokenEx,wsprintfW,wsprintfW,ConvertStringSidToSidW,wsprintfW,GetLengthSid,SetTokenInformation,wsprintfW,CloseHandle,wsprintfW,CreateProcessAsUserW,CloseHandle,CloseHandle,DestroyEnvironmentBlock,CloseHandle,CloseHandle,GetLastError,wsprintfW,DestroyEnvironmentBlock,CloseHandle,CloseHandle,GetLastError,wsprintfW,CloseHandle,CloseHandle,GetLastError,wsprintfW,12_2_00122B30
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Code function: 5_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,5_2_0040352D
Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File created: C:\Windows\SystemTemp\nw2540_167782079
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6624E140831_2_00007FF6624E1408
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623C53C031_2_00007FF6623C53C0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623B33E831_2_00007FF6623B33E8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6624E652031_2_00007FF6624E6520
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623D953031_2_00007FF6623D9530
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623DB4D031_2_00007FF6623DB4D0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6625064E431_2_00007FF6625064E4
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623C34F031_2_00007FF6623C34F0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623D41A031_2_00007FF6623D41A0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF66239715031_2_00007FF662397150
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623F015031_2_00007FF6623F0150
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6624E120431_2_00007FF6624E1204
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6625061FC31_2_00007FF6625061FC
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623C522031_2_00007FF6623C5220
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623D023031_2_00007FF6623D0230
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6624EE24C31_2_00007FF6624EE24C
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF66239525231_2_00007FF662395252
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623B225831_2_00007FF6623B2258
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF66239C30031_2_00007FF66239C300
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF66239474C31_2_00007FF66239474C
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6624DE76031_2_00007FF6624DE760
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623C580031_2_00007FF6623C5800
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623AA81031_2_00007FF6623AA810
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623CB8A031_2_00007FF6623CB8A0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6624E984C31_2_00007FF6624E984C
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623B387031_2_00007FF6623B3870
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF66241C91031_2_00007FF66241C910
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF66250F93031_2_00007FF66250F930
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6625068DC31_2_00007FF6625068DC
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF66239C63031_2_00007FF66239C630
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF66239666031_2_00007FF662396660
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623F666031_2_00007FF6623F6660
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623B26BC31_2_00007FF6623B26BC
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6624246E031_2_00007FF6624246E0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623C4B8031_2_00007FF6623C4B80
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF66239CB8231_2_00007FF66239CB82
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623AEB5031_2_00007FF6623AEB50
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF66244FC1031_2_00007FF66244FC10
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF66241ABE031_2_00007FF66241ABE0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623D3C9D31_2_00007FF6623D3C9D
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623C5C7031_2_00007FF6623C5C70
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623CAC7031_2_00007FF6623CAC70
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623B3CF831_2_00007FF6623B3CF8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6624DECF831_2_00007FF6624DECF8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623FF9B031_2_00007FF6623FF9B0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF66251196031_2_00007FF662511960
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623F595031_2_00007FF6623F5950
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6624FCA4C31_2_00007FF6624FCA4C
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623B2B2031_2_00007FF6623B2B20
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623B9B2231_2_00007FF6623B9B22
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623B2F8431_2_00007FF6623B2F84
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623ADF3831_2_00007FF6623ADF38
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6624E100031_2_00007FF6624E1000
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623C4FE031_2_00007FF6623C4FE0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF66241A04031_2_00007FF66241A040
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623C207031_2_00007FF6623C2070
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623C60E031_2_00007FF6623C60E0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF66239BD9C31_2_00007FF66239BD9C
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623CDD4031_2_00007FF6623CDD40
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623D3D4631_2_00007FF6623D3D46
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623A0DD831_2_00007FF6623A0DD8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623B1DF431_2_00007FF6623B1DF4
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6623B7E4831_2_00007FF6623B7E48
Source: Joe Sandbox View, Dropped File: C:\Program Files (x86)\Fast!\nwjs\d3dcompiler_47.dll 7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
Source: Joe Sandbox View, Dropped File: C:\Program Files (x86)\Fast!\nwjs\ffmpeg.dll A49240F9B626D8EF02713EFC9624408F1FA0399775B68FB3F2EF1DB69FB8AB78
Source: C:\Program Files (x86)\Fast!\fast!.exe, Code function: String function: 00B15838 appears 108 times
Source: C:\Program Files (x86)\Fast!\fast!.exe, Code function: String function: 00B15E20 appears 45 times
Source: C:\Program Files (x86)\Fast!\fast!.exe, Code function: String function: 00AB2C70 appears 81 times
Source: C:\Program Files (x86)\Fast!\fast!.exe, Code function: String function: 00B1586B appears 63 times
Source: C:\Program Files (x86)\Fast!\fast!.exe, Code function: String function: 00AB2940 appears 82 times
Source: C:\Program Files (x86)\Fast!\fast!.exe, Code function: String function: 00AFDC9B appears 33 times
Source: C:\Program Files (x86)\Fast!\FastSRV.exe, Code function: String function: 0012B9D0 appears 38 times
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe, Code function: String function: 00ED834C appears 49 times
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe, Code function: String function: 00EC9AB6 appears 47 times
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe, Code function: String function: 00ECC52F appears 37 times
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe, Code function: String function: 00007FF6623F4380 appears 62 times
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe, Code function: String function: 00007FF66239211D appears 64 times
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe, Code function: String function: 00007FF662395C64 appears 744 times
Source: nw.dll.5.dr, Static PE information: Number of sections : 16 > 10
Source: vk_swiftshader.dll.5.dr, Static PE information: Number of sections : 12 > 10
Source: ffmpeg.dll.5.dr, Static PE information: Number of sections : 12 > 10
Source: libEGL.dll.5.dr, Static PE information: Number of sections : 13 > 10
Source: node.dll.5.dr, Static PE information: Number of sections : 12 > 10
Source: libGLESv2.dll.5.dr, Static PE information: Number of sections : 13 > 10
Source: nw_elf.dll.5.dr, Static PE information: Number of sections : 15 > 10
Source: vulkan-1.dll.5.dr, Static PE information: Number of sections : 12 > 10
Source: nw.exe.5.dr, Static PE information: Number of sections : 14 > 10
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1890465933.000000000040A000.00000004.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameinetc.dllF vs 9c23f857-b0b9-47d6-b664-47a3132066f4.exe
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
Section loaded: uxtheme.dll, userenv.dll, apphelp.dll, propsys.dll, dwmapi.dll, cryptbase.dll, oleacc.dll, ntmarta.dll, version.dll, shfolder.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, profapi.dll, wbemcomn.dll, amsi.dll, wininet.dll, riched20.dll, usp10.dll, msls31.dll, iertutil.dll, sspicli.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, coremessaging.dll, wintypes.dll, wintypes.dll, wintypes.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, textshaping.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, gpapi.dll, ncrypt.dll, ncryptsslp.dll, windows.shell.servicehostbuilder.dll, onecoreuapcommonproxystub.dll, ieframe.dll, netapi32.dll, wkscli.dll, windows.staterepositoryps.dll, edputil.dll, secur32.dll, mlang.dll, policymanager.dll, msvcp110_win.dll, onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe
Section loaded: kernel.appcore.dll, qmgr.dll, bitsperf.dll, powrprof.dll, xmllite.dll, firewallapi.dll, esent.dll, umpdc.dll, dnsapi.dll, iphlpapi.dll, fwbase.dll, wldp.dll, ntmarta.dll, profapi.dll, flightsettings.dll, policymanager.dll, msvcp110_win.dll, netprofm.dll, npmproxy.dll, bitsigd.dll, upnp.dll, winhttp.dll, ssdpapi.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, appxdeploymentclient.dll, cryptbase.dll, wsmauto.dll, miutils.dll, wsmsvc.dll, dsrole.dll, pcwum.dll, mi.dll, userenv.dll, gpapi.dll, winhttp.dll, wkscli.dll, netutils.dll, sspicli.dll, ondemandconnroutehelper.dll, msv1_0.dll, ntlmshared.dll, cryptdll.dll, webio.dll, mswsock.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, rmclient.dll, usermgrcli.dll, execmodelclient.dll, propsys.dll, coremessaging.dll, twinapi.appcore.dll, onecorecommonproxystub.dll, execmodelproxy.dll, resourcepolicyclient.dll, vssapi.dll, vsstrace.dll, samcli.dll, samlib.dll, es.dll, bitsproxy.dll, ondemandconnroutehelper.dll, dhcpcsvc6.dll, dhcpcsvc.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, dpapi.dll, mpr.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
Section loaded: uxtheme.dll, userenv.dll, apphelp.dll, propsys.dll, dwmapi.dll, cryptbase.dll, oleacc.dll, ntmarta.dll, version.dll, shfolder.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, profapi.dll, wbemcomn.dll, amsi.dll, wininet.dll, iertutil.dll, sspicli.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, dpapi.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, gpapi.dll, urlmon.dll, srvcli.dll, netutils.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, riched20.dll, usp10.dll, msls31.dll, textshaping.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, coremessaging.dll, wintypes.dll, wintypes.dll, wintypes.dll, netapi32.dll, netapi32.dll, linkinfo.dll, ntshrui.dll, cscapi.dll, windows.shell.servicehostbuilder.dll, onecoreuapcommonproxystub.dll, ieframe.dll, netapi32.dll, wkscli.dll, windows.staterepositoryps.dll, edputil.dll, secur32.dll, mlang.dll, policymanager.dll, msvcp110_win.dll, onecorecommonproxystub.dll, netapi32.dll
Source: C:\Program Files (x86)\Fast!\FastSRV.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Fast!\FastSRV.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Fast!\FastSRV.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\FastSRV.exeSection loaded: winsta.dll
Source: C:\Program Files (x86)\Fast!\FastSRV.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Fast!\FastSRV.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\FastSRV.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: apphelp.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: wbemcomn.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: amsi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: wbemcomn.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: mscms.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: coloradapterclient.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: windows.internal.graphics.display.displaycolormanagement.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: iertutil.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: winnsi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: webio.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: schannel.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: dpapi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: edputil.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: urlmon.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: srvcli.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: appresolver.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: bcp47langs.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: slc.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: sppc.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: wininet.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: wbemcomn.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: amsi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Fast!\fast!.exeSection loaded: wbemcomn.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: windows.storage.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wldp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: kbdus.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wkscli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: netutils.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nlaapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: textinputframework.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: coreuicomponents.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: coremessaging.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wintypes.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: twinapi.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: twinapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: windows.ui.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: windowmanagementapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: inputhost.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: propsys.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wtsapi32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winsta.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mdmregistration.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: omadmapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dmcmnutils.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iri.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mmdevapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: devobj.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mscms.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: coloradapterclient.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dsreg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msvcp110_win.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wpnapps.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rmclient.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: xmllite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: usermgrcli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: windows.media.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wlanapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: firewallapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: fwbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwmapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dataexchange.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: d3d11.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dcomp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: explorerframe.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: atlthunk.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: oleacc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: directmanipulation.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: linkinfo.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: netapi32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wlanapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ncrypt.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ntasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: pcpksp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: tbs.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ncryptprov.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wbemcomn.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: amsi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dxgi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: resourcepolicyclient.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mfplat.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rtworkq.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwmapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dcomp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nlaapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rsaenh.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: gpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ntmarta.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: node.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: node.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbgcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: cryptbase.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: powrprof.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: umpdc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: mswsock.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwritecore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dnsapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: napinsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: pnrpnsp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wshbth.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nlaapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winrnr.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: rasadhlp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: sspicli.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: msasn1.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: uxtheme.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: wbemcomn.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: amsi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: profapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: nw_elf.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: version.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winmm.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dbghelp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: iphlpapi.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: userenv.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: secur32.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: winhttp.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: ffmpeg.dll
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeSection loaded: dwrite.dll
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: classification engine Classification label: mal42.spyw.evad.winEXE@58/369@0/20
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 28_2_00007FF662395FB0 FormatMessageA,GetLastError,28_2_00007FF662395FB0
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Code function: 5_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,5_2_0040352D
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe Code function: 10_2_00ED1175 GetCurrentProcess,OpenProcessToken,GetLastError,LookupPrivilegeValueA,GetLastError,AdjustTokenPrivileges,GetLastError,GetLastError,FindCloseChangeNotification,10_2_00ED1175
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00ACF090 LookupPrivilegeValueW,GetLastError,GetCurrentProcess,OpenProcessToken,GetLastError,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,17_2_00ACF090
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_0040498A GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_0040498A
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Code function: 12_2_001223A0 WTSGetActiveConsoleSessionId,WaitForSingleObject,CloseHandle,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,OpenProcess,K32GetProcessImageFileNameW,CloseHandle,GetLastError,Sleep,Sleep,12_2_001223A0
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_004021AA CoCreateInstance,0_2_004021AA
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00AB3460 LoadResource,LockResource,SizeofResource,17_2_00AB3460
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Code function: 12_2_001228D0 StartServiceCtrlDispatcherW,GetLastError,12_2_001228D0
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe File created: C:\Program Files (x86)\Fast!
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe File created: C:\Users\user\AppData\Local\FAST!
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\ChromeProcessSingletonStartup!
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8168:120:WilError_03
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe File created: C:\Users\user\AppData\Local\Temp\nsr722B.tmp
Source: C:\Program Files (x86)\Fast!\fast!.exe Command line argument: /noui 17_2_00AF1610
Source: C:\Program Files (x86)\Fast!\fast!.exe Command line argument: Local\fast! 17_2_00AF1610
Source: C:\Program Files (x86)\Fast!\fast!.exe Command line argument: ui\. 17_2_00AF1610
Source: C:\Program Files (x86)\Fast!\fast!.exe Command line argument: nwjs\nw 17_2_00AF1610
Source: C:\Program Files (x86)\Fast!\fast!.exe Command line argument: open 17_2_00AF1610
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe Virustotal: Detection: 16%
Source: diskspd.exe String found in binary or memory: <LoadImage>%I64u</LoadImage>
Source: diskspd.exe String found in binary or memory: Error creating/opening force-stop event: '%s'
Source: diskspd.exe String found in binary or memory: Error creating/opening wait-for-start event: '%s'
Source: nw.exe String found in binary or memory: Try '%ls --help' for more information.
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe File read: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
Source: unknown Process created: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installing.html?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1808,i,5385278516166329545,13648946590053204352,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Process created: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe "C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid 1709547169173348
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\FAST!\Temp\testfile.temp" > C:\Users\user\AppData\Local\FAST!\Temp\dskres.xml
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\FAST!\Temp\testfile.temp
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348
Source: unknown Process created: C:\Program Files (x86)\Fast!\FastSRV.exe C:\Program Files (x86)\Fast!\FastSRV.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2004,i,7066265627927454762,6474202962807613593,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Process created: C:\Program Files (x86)\Fast!\fast!.exe C:\Program Files (x86)\fast!\fast!.exe
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeProcess created: C:\Program Files (x86)\Fast!\fast!.exe C:\Program Files (x86)\Fast!\Fast!.exe
Source: C:\Program Files (x86)\Fast!\fast!.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\FAST!\User Data" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x23c,0x240,0x244,0x238,0x248,0x7ffe0054a970,0x7ffe0054a980,0x7ffe0054a990
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x14c,0x150,0x154,0x128,0x158,0x7ff66255ca30,0x7ff66255ca40,0x7ff66255ca50
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1900 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --mojo-platform-channel-handle=2408 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=2384 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Program Files (x86)\Fast!\nwjs\gen" --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1709711959558165 --launch-time-ticks=5805650877 --mojo-platform-channel-handle=3128 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:1
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3936 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3756 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3780 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:2
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Fast!.lnk.5.drLNK file: ..\..\..\Program Files (x86)\Fast!\fast!.exe
Source: Uninstall.lnk.5.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\Fast!\uninstaller.exe
Source: Fast!.lnk0.5.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files (x86)\Fast!\fast!.exe
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeAutomated click: Next >
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exeStatic PE information: certificate valid
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: ws2_32.pdb source: nw.exe, 00000013.00000003.2338755419.000002291334A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2368849250.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2362964270.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2335977363.0000022913340000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2370898397.000002291161F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373076683.0000022913344000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winspool.pdb source: nw.exe, 00000013.00000003.2338755419.000002291334A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2368849250.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2362964270.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2335977363.0000022913340000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373076683.0000022913344000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: nsi.pdb source: nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340272718.000002291162A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ThreadPoolBackgroundWorkerTypes.pdbi source: nw.exe, 00000013.00000003.2358394363.0000022911669000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373298920.000002291166B000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2371112960.000002291166A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2374950350.000002291166B000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336211027.0000022911669000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337093943.0000022911669000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: winmm.pdb source: nw.exe, 00000013.00000003.2338755419.000002291334A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2368849250.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2362964270.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2335977363.0000022913340000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373076683.0000022913344000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: "CoreMessaging.pdb source: nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340272718.000002291162A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: gpapi.pdb source: nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: powrprof.pdb source: nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340272718.000002291162A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ponents.pdb source: nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: ole32.pdb source: nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340272718.000002291162A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Build\Build_vfs_2.338_D20240227T105637\veryfast.io\FastSRV\Release\FastSRV.pdb source: FastSRV.exe, 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp, FastSRV.exe, 0000000C.00000000.2271478988.000000000013F000.00000002.00000001.01000000.00000016.sdmp
Source: Binary string: E:\nw82_win64\node-webkit\src\outst\nw\nw_elf.dll.pdb&&h source: nw.exe, 00000013.00000003.2335977363.0000022913356000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2332753881.0000022913351000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\rs1.obj.x86fre\sdktools\srvperf\diskspd.oss\cmdrequestcreator\objfre\i386\diskspd.pdb source: diskspd.exe, diskspd.exe, 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp
Source: Binary string: C:\Build\Build_vfs_2.338_D20240227T105637\veryfast.io\proc_booster\Release-Booster\proc_booster.pdb source: fast!.exe, 0000000F.00000000.2275695708.0000000000B40000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000000.2285546064.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
Source: Binary string: C:\Users\zak\Downloads\Inetc\Unicode\Plugins\inetc.pdb source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1890465933.000000000040A000.00000004.00000001.01000000.00000003.sdmp
Source: Binary string: E:\nw82_win64\node-webkit\src\outst\nw\ffmpeg.dll.pdb source: nw.exe, 00000013.00000003.2335977363.0000022913356000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2370898397.000002291161F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2332753881.0000022913351000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\nw82_sdk_win64\node-webkit\src\outst\nw\initialexe\nw.exe.pdb source: nw.exe, 00000012.00000000.2305429138.00007FF662515000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000013.00000003.2377064946.0000022913312000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000000.2309978949.00007FF662515000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000013.00000003.2366474011.000002291330F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2370898397.000002291161F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340945712.000002291330A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000014.00000000.2312012601.00007FF662515000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000015.00000000.2316369605.00007FF662515000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000016.00000000.2320562623.00007FF662515000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000017.00000000.2352294404.00007FF662515000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000019.00000000.2362172002.00007FF662515000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 0000001C.00000000.2450175208.00007FF662515000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 0000001C.00000002.2468461405.00007FF662515000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 0000001E.00000000.2619034198.00007FF662515000.00000002.00000001.01000000.00000018.sdmp
Source: Binary string: E:\nw82_win64\node-webkit\src\outst\nw\nw.dll.pdb/ source: nw.exe, 00000013.00000003.2335977363.0000022913356000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2332753881.0000022913351000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: z:\rs1.obj.x86fre\sdktools\srvperf\diskspd.oss\cmdrequestcreator\objfre\i386\diskspd.pdbGCTL source: diskspd.exe, 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp
Source: Binary string: E:\nw82_win64\node-webkit\src\outst\nw\nw_elf.dll.pdb source: nw.exe, 00000013.00000003.2335977363.0000022913356000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2370898397.000002291161F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2332753881.0000022913351000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: gdi32full.pdb source: nw.exe, 00000013.00000003.2338755419.000002291334A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2368849250.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2362964270.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2335977363.0000022913340000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340491555.0000022911620000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373076683.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: (CoreUIComponents.pdb source: nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340272718.000002291162A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: RmClient.pdb source: nw.exe, 00000013.00000003.2338755419.000002291334A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334107562.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2368849250.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2362964270.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336823938.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2335977363.0000022913340000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2340272718.000002291162A000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2333787155.00000229134F4000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2339796189.000002291161D000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373076683.0000022913344000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2351202596.00000229134F4000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: DesktopProfileSessionDurationsSe.pdb source: nw.exe, 00000013.00000003.2376676044.00000229135A8000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2360241791.00000229135A8000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2373829840.00000229135A8000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2337422628.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2336474248.00000229135A9000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2334731824.00000229135A9000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: .pdbKP source: nw.exe, 00000013.00000003.2370898397.000002291161F000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2371054041.0000022911626000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Build\Build_vfs_2.338_D20240227T105637\veryfast.io\proc_booster\Release-Booster\proc_booster.pdb_ source: fast!.exe, 0000000F.00000000.2275695708.0000000000B40000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000000.2285546064.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00AD0BA0 LoadLibraryW,GetProcAddress,GetProcAddress,FreeLibrary, 17_2_00AD0BA0
Source: Banner.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x15b3
Source: inetc.dll.5.dr Static PE information: real checksum: 0x0 should be: 0x13c41
Source: nsExec.dll.5.dr Static PE information: real checksum: 0x0 should be: 0xde0c
Source: System.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x3d68
Source: vk_swiftshader.dll.5.dr Static PE information: real checksum: 0x0 should be: 0x45629c
Source: System.dll.5.dr Static PE information: real checksum: 0x0 should be: 0x3d68
Source: libGLESv2.dll0.5.dr Static PE information: real checksum: 0x0 should be: 0x1f9bbb
Source: nsJSON.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x6718
Source: SimpleSC.dll.5.dr Static PE information: real checksum: 0x0 should be: 0x1119d4
Source: ffmpeg.dll.5.dr Static PE information: real checksum: 0x0 should be: 0x1ffb7a
Source: libEGL.dll0.5.dr Static PE information: real checksum: 0x0 should be: 0x25219
Source: libEGL.dll.5.dr Static PE information: real checksum: 0x0 should be: 0x72fff
Source: uninstaller.exe.5.dr Static PE information: real checksum: 0x7cf6bcb should be: 0x77b67
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe Static PE information: real checksum: 0x2586f should be: 0x20a0c
Source: libGLESv2.dll.5.dr Static PE information: real checksum: 0x0 should be: 0x69cd14
Source: nw_elf.dll.5.dr Static PE information: real checksum: 0x0 should be: 0x1203a0
Source: vulkan-1.dll.5.dr Static PE information: real checksum: 0x0 should be: 0xe54f7
Source: inetc.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x13c41
Source: nsDialogs.dll.0.dr Static PE information: real checksum: 0x0 should be: 0x2f9b
Source: SimpleSC.dll.5.dr Static PE information: section name: .didata
Source: ffmpeg.dll.5.dr Static PE information: section name: .00cfg
Source: ffmpeg.dll.5.dr Static PE information: section name: .gxfg
Source: ffmpeg.dll.5.dr Static PE information: section name: .retplne
Source: ffmpeg.dll.5.dr Static PE information: section name: .voltbl
Source: ffmpeg.dll.5.dr Static PE information: section name: _RDATA
Source: libEGL.dll.5.dr Static PE information: section name: .00cfg
Source: libEGL.dll.5.dr Static PE information: section name: .gxfg
Source: libEGL.dll.5.dr Static PE information: section name: .retplne
Source: libEGL.dll.5.dr Static PE information: section name: .voltbl
Source: libEGL.dll.5.dr Static PE information: section name: _RDATA
Source: libEGL.dll.5.dr Static PE information: section name: malloc_h
Source: libGLESv2.dll.5.dr Static PE information: section name: .00cfg
Source: libGLESv2.dll.5.dr Static PE information: section name: .gxfg
Source: libGLESv2.dll.5.dr Static PE information: section name: .retplne
Source: libGLESv2.dll.5.dr Static PE information: section name: .voltbl
Source: libGLESv2.dll.5.dr Static PE information: section name: _RDATA
Source: libGLESv2.dll.5.dr Static PE information: section name: malloc_h
Source: node.dll.5.dr Static PE information: section name: .00cfg
Source: node.dll.5.dr Static PE information: section name: .gxfg
Source: node.dll.5.dr Static PE information: section name: .retplne
Source: node.dll.5.dr Static PE information: section name: .voltbl
Source: node.dll.5.dr Static PE information: section name: _RDATA
Source: nw.dll.5.dr Static PE information: section name: .00cfg
Source: nw.dll.5.dr Static PE information: section name: .gxfg
Source: nw.dll.5.dr Static PE information: section name: .retplne
Source: nw.dll.5.dr Static PE information: section name: .rodata
Source: nw.dll.5.dr Static PE information: section name: .voltbl
Source: nw.dll.5.dr Static PE information: section name: CPADinfo
Source: nw.dll.5.dr Static PE information: section name: LZMADEC
Source: nw.dll.5.dr Static PE information: section name: _RDATA
Source: nw.dll.5.dr Static PE information: section name: malloc_h
Source: nw.exe.5.dr Static PE information: section name: .00cfg
Source: nw.exe.5.dr Static PE information: section name: .gxfg
Source: nw.exe.5.dr Static PE information: section name: .retplne
Source: nw.exe.5.dr Static PE information: section name: .voltbl
Source: nw.exe.5.dr Static PE information: section name: CPADinfo
Source: nw.exe.5.dr Static PE information: section name: _RDATA
Source: nw.exe.5.dr Static PE information: section name: malloc_h
Source: nw_elf.dll.5.dr Static PE information: section name: .00cfg
Source: nw_elf.dll.5.dr Static PE information: section name: .crthunk
Source: nw_elf.dll.5.dr Static PE information: section name: .gxfg
Source: nw_elf.dll.5.dr Static PE information: section name: .retplne
Source: nw_elf.dll.5.dr Static PE information: section name: .voltbl
Source: nw_elf.dll.5.dr Static PE information: section name: CPADinfo
Source: nw_elf.dll.5.dr Static PE information: section name: _RDATA
Source: nw_elf.dll.5.dr Static PE information: section name: malloc_h
Source: vk_swiftshader.dll.5.dr Static PE information: section name: .00cfg
Source: vk_swiftshader.dll.5.dr Static PE information: section name: .gxfg
Source: vk_swiftshader.dll.5.dr Static PE information: section name: .retplne
Source: vk_swiftshader.dll.5.dr Static PE information: section name: .voltbl
Source: vk_swiftshader.dll.5.dr Static PE information: section name: _RDATA
Source: vulkan-1.dll.5.dr Static PE information: section name: .00cfg
Source: vulkan-1.dll.5.dr Static PE information: section name: .gxfg
Source: vulkan-1.dll.5.dr Static PE information: section name: .retplne
Source: vulkan-1.dll.5.dr Static PE information: section name: .voltbl
Source: vulkan-1.dll.5.dr Static PE information: section name: _RDATA
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe Code function: 10_2_00EDD0E7 push ecx; ret 10_2_00EDD0FA
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe Code function: 10_2_00EDD7A9 push ecx; ret 10_2_00EDD7BC
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Code function: 12_2_0012B35E push ecx; ret 12_2_0012B371
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00B15815 push ecx; ret 17_2_00B15828
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 28_2_00007FF6623D2497 push rbp; ret 28_2_00007FF6623D2498
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 31_2_00007FF6623D2497 push rbp; ret 31_2_00007FF6623D2498

Persistence and Installation Behavior

Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe, Code function: __EH_prolog3_GS,srand,GetCurrentThread,SetThreadGroupAffinity,atoi,sprintf_s,isalpha,sprintf_s,CreateFileA,SetFileInformationByHandle,GetFileSize,GetLastError,__aulldiv,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,SetFilePointerEx,GetLastError,GetLastError,GetLastError,GetLastError,WaitForSingleObject,GetLastError,Sleep,ReadFile,WriteFile,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,SetFilePointerEx,GetLastError,CreateIoCompletionPort,GetLastError,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WaitForSingleObject,VirtualFree,FindCloseChangeNotification,CloseHandle,??3@YAXPAX@Z, \\.\PhysicalDrive%u 10_2_00ED1F60
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Program Files (x86)\Fast!\nwjs\node.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Program Files (x86)\Fast!\nwjs\nw.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Program Files (x86)\Fast!\nwjs\vk_swiftshader.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\SimpleSC.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, File created: C:\Users\user\AppData\Local\Temp\nsh723C.tmp\System.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\nsExec.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Program Files (x86)\Fast!\nwjs\ffmpeg.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Program Files (x86)\Fast!\nwjs\libEGL.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Program Files (x86)\Fast!\nwjs\libGLESv2.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, File created: C:\Users\user\AppData\Local\Temp\nsh723C.tmp\nsJSON.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Program Files (x86)\Fast!\uninstaller.exe
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Program Files (x86)\Fast!\nwjs\swiftshader\libEGL.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Program Files (x86)\Fast!\fast!.exe
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\System.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Program Files (x86)\Fast!\FastSRV.exe
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Program Files (x86)\Fast!\nwjs\d3dcompiler_47.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, File created: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\inetc.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, File created: C:\Users\user\AppData\Local\Temp\nsh723C.tmp\inetc.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Program Files (x86)\Fast!\nwjs\vulkan-1.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Program Files (x86)\Fast!\nwjs\nw.exe
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Program Files (x86)\Fast!\nwjs\nw_elf.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, File created: C:\Users\user\AppData\Local\Temp\nsh723C.tmp\nsDialogs.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, File created: C:\Users\user\AppData\Local\Temp\nsh723C.tmp\Banner.dll

Boot Survival

Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe, Code function: __EH_prolog3_GS,srand,GetCurrentThread,SetThreadGroupAffinity,atoi,sprintf_s,isalpha,sprintf_s,CreateFileA,SetFileInformationByHandle,GetFileSize,GetLastError,__aulldiv,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,SetFilePointerEx,GetLastError,GetLastError,GetLastError,GetLastError,WaitForSingleObject,GetLastError,Sleep,ReadFile,WriteFile,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,SetFilePointerEx,GetLastError,CreateIoCompletionPort,GetLastError,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,WaitForSingleObject,VirtualFree,FindCloseChangeNotification,CloseHandle,??3@YAXPAX@Z, \\.\PhysicalDrive%u 10_2_00ED1F60
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fast!
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fast!\Uninstall.lnk
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fast!\Fast!.lnk
Source: C:\Program Files (x86)\Fast!\FastSRV.exe, Code function: 12_2_001228D0 StartServiceCtrlDispatcherW,GetLastError,12_2_001228D0
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\cmd.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Fast!\FastSRV.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Fast!\fast!.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe, Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Windows\explorer.exe, Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Program Files (x86)\Fast!\FastSRV.exe, Stalling execution: Execution stalls by calling Sleep graph_12-14758
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Caption from Win32_DiskDrive
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Size from Win32_DiskDrive
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Caption from Win32_DiskDrive
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Size from Win32_DiskDrive
Source: C:\Program Files (x86)\Fast!\fast!.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT ProcessId, ServiceType FROM Win32_Service
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe, System information queried: FirmwareTableInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe, Code function: 28_2_00007FF662393758 rdtsc 28_2_00007FF662393758
Source: C:\Program Files (x86)\Fast!\fast!.exe, Window / User API: threadDelayed 4388
Source: C:\Program Files (x86)\Fast!\fast!.exe, Window / User API: threadDelayed 3349
Source: C:\Program Files (x86)\Fast!\fast!.exe, Window / User API: foregroundWindowGot 1768
Source: C:\Windows\explorer.exe, Window / User API: foregroundWindowGot 674
Source: C:\Windows\explorer.exe, Window / User API: foregroundWindowGot 643
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, Dropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\swiftshader\libEGL.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\System.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, Dropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\vk_swiftshader.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, Dropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, Dropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\nw.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, Dropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\d3dcompiler_47.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\SimpleSC.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh723C.tmp\System.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\nsExec.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\inetc.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh723C.tmp\inetc.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, Dropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\libEGL.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, Dropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\libGLESv2.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh723C.tmp\nsJSON.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, Dropped PE file which has not been started: C:\Program Files (x86)\Fast!\nwjs\vulkan-1.dll
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, Dropped PE file which has not been started: C:\Program Files (x86)\Fast!\uninstaller.exe
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh723C.tmp\Banner.dll
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsh723C.tmp\nsDialogs.dll
Source: C:\Program Files (x86)\Fast!\fast!.exe, Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_17-59453
Source: C:\Program Files (x86)\Fast!\FastSRV.exe, Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_12-14782
Source: C:\Program Files (x86)\Fast!\FastSRV.exe, Code function: 12_2_00121D20 WTSGetActiveConsoleSessionId,WaitForSingleObject,CloseHandle,CreateToolhelp32Snapshot,OpenProcess,K32GetProcessImageFileNameW,CloseHandle,GetLastError,Sleep,Sleep,GetProcessTimes,GetSystemTimeAsFileTime,Sleep,InitializeCriticalSectionEx,GetLastError,12_2_00121D20
Source: C:\Program Files (x86)\Fast!\FastSRV.exe, Check user administrative privileges: GetTokenInformation,DecisionNodes graph_12-14793
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe, API coverage: 7.2 %
Source: C:\Program Files (x86)\Fast!\fast!.exe, API coverage: 8.8 %
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe, API coverage: 5.2 %
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe, API coverage: 5.0 %
Source: C:\Windows\System32\svchost.exe TID: 7524, Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 1060, Thread sleep count: 4388 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 1060, Thread sleep time: -4388000s >= -30000s
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 1060, Thread sleep count: 56 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 1060, Thread sleep count: 124 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 1060, Thread sleep count: 189 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 1060, Thread sleep count: 39 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 1060, Thread sleep count: 31 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 1060, Thread sleep count: 51 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 1060, Thread sleep count: 3349 > 30
Source: C:\Program Files (x86)\Fast!\fast!.exe TID: 1060, Thread sleep time: -3349000s >= -30000s
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe TID: 5816, Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\svchost.exe, File opened: PhysicalDrive0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe, Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select ReleaseDate from Win32_BIOS
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select ReleaseDate from Win32_BIOS
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,Product FROM Win32_BaseBoard
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,Version FROM Win32_BIOS
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select UUID from Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Vendor from Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Version from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select UUID from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Vendor from Win32_ComputerSystemProduct
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Version from Win32_ComputerSystemProduct
Source: C:\Program Files (x86)\Fast!\fast!.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_ComputerSystemProduct
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT HypervisorPresent FROM Win32_ComputerSystem
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select Name from Win32_Processor
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select MaxClockSpeed from Win32_Processor
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfCores from Win32_Processor
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : Select NumberOfLogicalProcessors from Win32_Processor
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File Volume queried: C:\Users\user\AppData\Local\FAST!\User Data\Default\Code Cache\wasm FullSizeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File Volume queried: C:\Users\user\AppData\Local\FAST!\User Data\Default\Code Cache\js FullSizeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File Volume queried: C:\Users\user\AppData\Local\FAST!\User Data\Default\blob_storage\60385bdb-460a-4ff2-913e-1b8458da796d FullSizeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File Volume queried: C:\Users\user\AppData\Local\FAST!\User Data\Default FullSizeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File Volume queried: C:\Users\user\AppData\Local\FAST!\User Data\Default\Cache\Cache_Data FullSizeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File Volume queried: C:\Program Files (x86)\Fast!\nwjs FullSizeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File Volume queried: C:\Users\user FullSizeInformation
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405C49
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_00406873 FindFirstFileW,FindClose,0_2_00406873
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_0040290B FindFirstFileW,0_2_0040290B
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Code function: 5_2_00405C49 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,5_2_00405C49
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Code function: 5_2_00406873 FindFirstFileW,FindClose,5_2_00406873
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Code function: 5_2_0040290B FindFirstFileW,5_2_0040290B
Source: C:\Program Files (x86)\Fast!\FastSRV.exe Code function: 12_2_00136EE1 FindFirstFileExW,FindNextFileW,FindClose,FindClose,12_2_00136EE1
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00B2F3F6 FindFirstFileExW,FindNextFileW,FindClose,FindClose,17_2_00B2F3F6
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 28_2_00007FF66240C1C0 FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,28_2_00007FF66240C1C0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 31_2_00007FF66240C1C0 FindNextFileW,FindClose,FindFirstFileExW,GetLastError,GetFileAttributesW,31_2_00007FF66240C1C0
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Code function: 28_2_00007FF662394688 GetSystemInfo,28_2_00007FF662394688
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\Local\FAST!\User Data\Default\Google Profile.ico
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\Local\FAST!\User Data\Default\3193ece0-f246-41a1-ac4b-de69be94c081.tmp
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\Local\
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\Local\FAST!\User Data\
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\
Source: SetupEngine.exe, 00000005.00000003.2087092520.0000000003190000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: q&dsk_iosec=65997&dsk_mbsec=257&os_name=Microsoft Windows 10 Pro&os_installdate=20231003095718.000000+060&os_processes=113&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=F6VE865R&gpu_ram=0&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=SPAC_PX8 SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender
Source: SetupEngine.exe, 00000005.00000003.2096944390.000000000071D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s://veryfast.io/pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348&version=2.338&evt_src=installer&evt_action=systeminfo&dsk_iosec=65997&dsk_mbsec=257&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003095718.000000+060&os_processes=113&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=F6VE865R&gpu_ram=0&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=SPAC_PX8%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000ry
Source: SetupEngine.exe, 00000005.00000003.2096924465.00000000031B9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: https://veryfast.io/pixel.gif?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348&version=2.338&evt_src=installer&evt_action=systeminfo&dsk_iosec=65997&dsk_mbsec=257&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003095718.000000+060&os_processes=113&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=F6VE865R&gpu_ram=0&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=SPAC_PX8%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000%b
Source: SetupEngine.exe, 00000005.00000003.2271078120.00000000031AF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: https://veryfast.io/register.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348&ch=&version=2.338&dsk_iosec=65997&dsk_mbsec=257&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003095718.000000+060&os_processes=113&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=F6VE865R&gpu_ram=0&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=SPAC_PX8%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000%v
Source: SetupEngine.exe, 00000005.00000003.2096924465.00000000031B9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=F6VE865R&gpu_ram=0&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=SPAC_PX8%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000 HTTP/1.1
Source: SetupEngine.exe, 00000005.00000002.2297123694.000000000040A000.00000004.00000001.01000000.0000000E.sdmpBinary or memory string: getsers\user\AppData\Local\Temp\nsyDC21.tmp\inetc.dllllngggpng.exeePtfGvhdjnYgzsvznoIqNOkKKqBkeXuZJrSzv\MaTNiJoEiRBLeqoNTQnBNHmfgfslX.exevirtmem=8387636&os_mem=4193332&cpu_name=Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware, Inc.&pc_version=None&gpu_name=F6VE865R&gpu_ram=0&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=SPAC_PX8 SCSI Disk Device&disk_size=412300001200&sec_as=&sec_av=Windows Defender&sec_fw=&bios_releasedate=20221121000000.000000+000C:\Users\user\AppData\Local\FAST!\Temp\emp_settingseoneh-AEE6-C75AECD93BF0&_fcid=1709547169173348C:\Users\user\AppData\Local\Temp\nsyDC21.tmp25-11ce-bfc1-08002be10318}\00018C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\inetc.dllllEE6-C75AECD93BF0&_fcid=1709547169173348Setup was completed successfully.nstalled.
Source: SetupEngine.exe, 00000005.00000003.2271078120.00000000031AF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348&ch=&version=2.338&dsk_iosec=65997&dsk_mbsec=257&os_name=Microsoft%20Windows%2010%20Pro&os_installdate=20231003095718.000000+060&os_processes=113&os_architecture=64-bit&os_virtmem=8387636&os_mem=4193332&cpu_name=Intel(R)%20Core(TM)2%20CPU%206600%20@%202.40%20GHz&cpu_maxclock=2000&cpu_cores=4&cpu_logicalproc=1&pc_vendor=VMware,%20Inc.&pc_version=None&gpu_name=F6VE865R&gpu_ram=0&gpu_bitsperpixel=32&gpu_x=1280&gpu_y=1024&disk_name=SPAC_PX8%20SCSI%20Disk%20Device&disk_size=412300001200&sec_as=&sec_av=Windows%20Defender&sec_fw=&bios_releasedate=20221121000000.000000+000
Source: explorer.exe, 0000001A.00000000.2383211441.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
Source: fast!.exe, 00000011.00000002.2295584810.0000000001610000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stringComputer System ProductComputer System ProductL11ZRT71434D56-1548-ED3D-AEE6-C75AECD93BF0VMware, Inc.Noney*
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeAPI call chain: ExitProcess graph end nodegraph_0-3453
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeAPI call chain: ExitProcess graph end nodegraph_5-3508
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeProcess information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exeDebugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleepgraph_10-5567
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 28_2_00007FF662393758 rdtsc 28_2_00007FF662393758
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 12_2_0012F867 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_0012F867
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00AD0BA0 LoadLibraryW,GetProcAddress,GetProcAddress,FreeLibrary,17_2_00AD0BA0
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 12_2_00137DDA GetProcessHeap,12_2_00137DDA
Source: C:\Program Files (x86)\Fast!\fast!.exeProcess token adjusted: Debug
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exeCode function: 10_2_00EDD5FA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,10_2_00EDD5FA
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 12_2_0012B962 SetUnhandledExceptionFilter,12_2_0012B962
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 12_2_0012B5F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,12_2_0012B5F0
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 12_2_0012B7FD IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,12_2_0012B7FD
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00B1A183 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_00B1A183
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00B153CD SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,17_2_00B153CD
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00B15C14 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,17_2_00B15C14
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: 17_2_00B15DA7 SetUnhandledExceptionFilter,17_2_00B15DA7
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 28_2_00007FF6624D9548 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,28_2_00007FF6624D9548
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 28_2_00007FF662505BCC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,28_2_00007FF662505BCC
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF6624D9548 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,31_2_00007FF6624D9548
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeCode function: 31_2_00007FF662505BCC RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,31_2_00007FF662505BCC
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: WTSGetActiveConsoleSessionId,WaitForSingleObject,CloseHandle,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,OpenProcess,K32GetProcessImageFileNameW,CloseHandle,GetLastError,Sleep,Sleep, explorer.exe12_2_001223A0
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: WTSGetActiveConsoleSessionId,WaitForSingleObject,CloseHandle,CreateToolhelp32Snapshot,OpenProcess,K32GetProcessImageFileNameW,CloseHandle,GetLastError,Sleep,Sleep,GetProcessTimes,GetSystemTimeAsFileTime,Sleep,InitializeCriticalSectionEx,GetLastError, explorer.exe12_2_00121D20
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installing.html?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd /c "C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\FAST!\Temp\testfile.temp" > C:\Users\user\AppData\Local\FAST!\Temp\dskres.xml
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\FAST!\Temp\testfile.temp
Source: C:\Program Files (x86)\Fast!\fast!.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\FAST!\User Data" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x23c,0x240,0x244,0x238,0x248,0x7ffe0054a970,0x7ffe0054a980,0x7ffe0054a990
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1900 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --mojo-platform-channel-handle=2408 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=2384 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Program Files (x86)\Fast!\nwjs\gen" --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1709711959558165 --launch-time-ticks=5805650877 --mojo-platform-channel-handle=3128 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:1
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3936 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3756 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:8
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3780 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:2
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exeProcess created: C:\Program Files (x86)\Fast!\nwjs\nw.exe "C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x14c,0x150,0x154,0x128,0x158,0x7ff66255ca30,0x7ff66255ca40,0x7ff66255ca50
Source: explorer.exe, 0000001A.00000000.2388451300.0000000004CE0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000000.2384159383.00000000018A1000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000001A.00000000.2395034944.0000000009815000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
Source: explorer.exe, 0000001A.00000000.2384159383.00000000018A1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
Source: fast!.exe, 0000000F.00000000.2275695708.0000000000B40000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000000.2285546064.0000000000B40000.00000002.00000001.01000000.00000017.sdmpBinary or memory string: ...windowsinstallerwindows explorernwjspowershellvolume mixersetupfast!system traytask managerfolderviewwindows shellprogram managerwindows host processdefendersearch ControlPanelFileExplorerConsoleWindowHostMicrosoftEdgeWebView2HostProcessforWindowsTasksPickanappFilePickerUIHostCOMSurrogateLocationNotificationWindowsCommandProcessorPickanapplicationRuntimeBrokerWindowsProblemReportingConsentUIforadministrativeapplicationsEasyAnti-CheatBootstrapper(EOS)GameBarFullTrustCOMServerGoogleInstallerStartSearchNewnotificationTaskSwitching,
Source: explorer.exe, 0000001A.00000000.2383211441.0000000001240000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1Progman$
Source: explorer.exe, 0000001A.00000000.2384159383.00000000018A1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
Source: fast!.exeBinary or memory string: program manager
Source: explorer.exe, 0000001A.00000000.2384159383.00000000018A1000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: 12_2_0012B3DE cpuid 12_2_0012B3DE
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: EnumSystemLocalesW,12_2_0013482E
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,12_2_0013A058
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: GetLocaleInfoW,12_2_0013A2AB
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,12_2_0013A3D4
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,12_2_00139C3B
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: GetLocaleInfoW,12_2_0013A4DA
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: GetLocaleInfoW,12_2_00134D3B
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,12_2_0013A5B0
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: GetLocaleInfoW,12_2_00139E40
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: EnumSystemLocalesW,12_2_00139EE7
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: EnumSystemLocalesW,12_2_00139F32
Source: C:\Program Files (x86)\Fast!\FastSRV.exeCode function: EnumSystemLocalesW,12_2_00139FCD
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: EnumSystemLocalesW,17_2_00B320E4
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: EnumSystemLocalesW,17_2_00B321CA
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: GetLocaleInfoW,17_2_00B2C1CF
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: EnumSystemLocalesW,17_2_00B3212F
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,17_2_00B32255
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: GetLocaleInfoW,17_2_00B324A8
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,17_2_00B325D1
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: GetLocaleInfoW,17_2_00B326D7
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,17_2_00B327AD
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: GetLocaleInfoEx,17_2_00B14B14
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: EnumSystemLocalesW,17_2_00B2BC0C
Source: C:\Program Files (x86)\Fast!\fast!.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,17_2_00B31E38
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformationJump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Queries volume information: C:\Program Files (x86)\Fast!\ui\package.json VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Queries volume information: C:\Program Files (x86)\Fast!\ui\images\fast.png VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Queries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Queries volume information: C:\Users\user\AppData\Local\FAST!\User Data\Crashpad\reports\5e092dc7-ee29-44c1-be91-b795c4d994fb.dmp VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Queries volume information: C:\Users\user\AppData\Local\FAST!\User Data\Default\Network\SCT Auditing Pending Reports VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Queries volume information: C:\Program Files (x86)\Fast!\ui\js\ui.bin VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0516~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0110~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00AF1610 OpenEventW,PulseEvent,CreateEventW,GetTickCount64,GetTickCount64,GetTickCount64,GetTickCount64,CreateNamedPipeW,Sleep,Sleep,ShellExecuteW,Sleep,__Mtx_unlock,__Mtx_destroy_in_situ,FreeLibrary,std::_Throw_Cpp_error,std::_Throw_Cpp_error,17_2_00AF1610
Source: C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe Code function: 10_2_00EDD498 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,10_2_00EDD498
Source: C:\Program Files (x86)\Fast!\fast!.exe Code function: 17_2_00B2CDE2 GetTimeZoneInformation,17_2_00B2CDE2
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe Code function: 0_2_0040352D EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_0040352D
Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiSpywareProduct
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiVirusProduct
Source: C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from FirewallProduct
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiSpywareProduct
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from AntiVirusProduct
Source: C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : Select displayName from FirewallProduct

Stealing of Sensitive Information

Source: C:\Program Files (x86)\Fast!\nwjs\nw.exe File opened: C:\Users\user\AppData\Local\FAST!\User Data\Default\History

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | Acquire Infrastructure | 1 Valid Accounts | 241 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | 1 Replication Through Removable Media | 4 Native API | 1 Valid Accounts | 1 Valid Accounts | 2 Obfuscated Files or Information | 21 Input Capture | 11 Peripheral Device Discovery | Remote Desktop Protocol | 1 Data from Local System | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 13 Command and Scripting Interpreter | 3 Windows Service | 11 Access Token Manipulation | 1 DLL Side-Loading | Security Account Manager | 1 System Network Connections Discovery | SMB/Windows Admin Shares | 21 Input Capture | Steganography | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 2 Service Execution | 1 Registry Run Keys / Startup Folder | 3 Windows Service | 12 Masquerading | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | 1 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | 1 Bootkit | 23 Process Injection | 1 Valid Accounts | LSA Secrets | 188 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 1 Registry Run Keys / Startup Folder | 35 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Query Registry | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Access Token Manipulation | DCSync | 571 Security Software Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 23 Process Injection | Proc Filesystem | 35 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 Bootkit | /etc/passwd and /etc/shadow | 3 Process Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 Application Window Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 1 Remote System Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |

[Figure: Behavior Graph. ID: 1403894; Sample: 9c23f857-b0b9-47d6-b664-47a...; Startdate: 06/03/2024; Architecture: WINDOWS; Score: 42]

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| 9c23f857-b0b9-47d6-b664-47a3132066f4.exe | 17% | Virustotal | | Browse |

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| C:\Program Files (x86)\Fast!\FastSRV.exe | 4% | ReversingLabs | | |
| C:\Program Files (x86)\Fast!\fast!.exe | 25% | ReversingLabs | Win32.Trojan.Generic | |
| C:\Program Files (x86)\Fast!\nwjs\d3dcompiler_47.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Fast!\nwjs\ffmpeg.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Fast!\nwjs\libEGL.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Fast!\nwjs\libGLESv2.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Fast!\nwjs\node.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Fast!\nwjs\nw.dll | 3% | ReversingLabs | | |
| C:\Program Files (x86)\Fast!\nwjs\nw.exe | 4% | ReversingLabs | | |
| C:\Program Files (x86)\Fast!\nwjs\nw_elf.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Fast!\nwjs\swiftshader\libEGL.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Fast!\nwjs\swiftshader\libGLESv2.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Fast!\nwjs\vk_swiftshader.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Fast!\nwjs\vulkan-1.dll | 0% | ReversingLabs | | |
| C:\Program Files (x86)\Fast!\uninstaller.exe | 4% | ReversingLabs | | |
| C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsh723C.tmp\Banner.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsh723C.tmp\System.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsh723C.tmp\inetc.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsh723C.tmp\nsDialogs.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsh723C.tmp\nsJSON.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\SimpleSC.dll | 4% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\System.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\inetc.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\nsExec.dll | 0% | ReversingLabs | | |

No Antivirus matches
No Antivirus matches

| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| http://anglebug.com/4633 | 0% | URL Reputation | safe | |
| http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0# | 0% | URL Reputation | safe | |
| https://anglebug.com/7382 | 0% | URL Reputation | safe | |
| http://unisolated.invalid/ | 0% | URL Reputation | safe | |
| http://anglebug.com/6929 | 0% | URL Reputation | safe | |
| https://anglebug.com/7246 | 0% | URL Reputation | safe | |
| https://anglebug.com/7369 | 0% | URL Reputation | safe | |
| https://anglebug.com/7489 | 0% | URL Reputation | safe | |
| https://wwww.certigna.fr/autorites/0m | 0% | URL Reputation | safe | |
| http://anglebug.com/4722 | 0% | URL Reputation | safe | |
| https://outlook.com_ | 0% | URL Reputation | safe | |
| http://anglebug.com/3502 | 0% | URL Reputation | safe | |
| http://anglebug.com/3623 | 0% | URL Reputation | safe | |
| http://anglebug.com/3625 | 0% | URL Reputation | safe | |
| http://anglebug.com/3624 | 0% | URL Reputation | safe | |
| http://anglebug.com/3862 | 0% | URL Reputation | safe | |
| http://anglebug.com/4836 | 0% | URL Reputation | safe | |
| http://schemas.micro | 0% | URL Reputation | safe | |
| http://anglebug.com/3970 | 0% | URL Reputation | safe | |
| http://anglebug.com/5901 | 0% | URL Reputation | safe | |
| http://anglebug.com/3965 | 0% | URL Reputation | safe | |
| https://anglebug.com/7161 | 0% | URL Reputation | safe | |
| https://anglebug.com/7162 | 0% | URL Reputation | safe | |
| http://anglebug.com/5906 | 0% | URL Reputation | safe | |
| http://anglebug.com/2517 | 0% | URL Reputation | safe | |
| http://anglebug.com/4937 | 0% | URL Reputation | safe | |
| http://anglebug.com/5281iT | 0% | Avira URL Cloud | safe | |
| http://anglebug.com/565801 | 0% | Avira URL Cloud | safe | |
| https://tc39.es/ecma262/#sec-timeclip | 0% | Avira URL Cloud | safe | |
| https://anglebug.com/4966~T | 0% | Avira URL Cloud | safe | |
| https://webassembly.github.io/spec/web-api | 0% | Avira URL Cloud | safe | |
| http://anglebug.com/3206UU | 0% | Avira URL Cloud | safe | |
| http://anglebug.com/8229HT | 0% | Avira URL Cloud | safe | |
| http://anglebug.com/5535DT~ | 0% | Avira URL Cloud | safe | |
| http://anglebug.com/8215CT | 0% | Avira URL Cloud | safe | |
| https://heycam.github.io/webidl/#es-iterable-entries | 0% | Avira URL Cloud | safe | |
| https://anglebug.com/7320LUv | 0% | Avira URL Cloud | safe | |
| https://heycam.github.io/webidl/#dfn-iterator-prototype-object | 0% | Avira URL Cloud | safe | |
| http://anglebug.com/5906$T | 0% | Avira URL Cloud | safe | |
| http://anglebug.com/8297 | 0% | Avira URL Cloud | safe | |
| https://clients2.googl | 0% | Avira URL Cloud | safe | |

No contacted domains info

| Name | Malicious | Antivirus Detection | Reputation |
| --- | --- | --- | --- |
| https://veryfast.io/installing.html?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348 | false | | high |
| https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348 | false | | high |

Name: https://aka.ms/odirmr
Source: explorer.exe, 0000001A.00000000.2389080482.00000000079FB000.00000004.00000001.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://repcdn.veryfast.io/download/2.338/SetupEngine.exef
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1717401806.00000000031ED000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1891151241.00000000031ED000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1890275734.00000000031EB000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 0000001A.00000000.2389080482.0000000007900000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001A.00000000.2395034944.00000000097D4000.00000004.00000001.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: http://anglebug.com/4633
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: URL Reputation: safe
Reputation: unknown

Name: http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt0#
Source: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1888677948.00000000031FC000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: URL Reputation: safe
Reputation: unknown

Name: https://anglebug.com/7382
Source: nw.exe, 00000012.00000003.2351493114.000002AC5A5E0000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2369684682.000002AC5A5E0000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: URL Reputation: safe
Reputation: unknown

Name: http://anglebug.com/5281iT
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: Avira URL Cloud: safe
Reputation: unknown

Name: https://github.com/nodejs/node/pull/35941
Source: nw.exe, 00000019.00000003.2593237854.000055B300542000.00000004.00001000.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://console.spec.whatwg.org/#table
Source: nw.exe, 00000019.00000003.2585519146.000055B3008C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437201363.000055B300082000.00000004.00001000.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://crashpad.chromium.org/https://crashpad.chromium.org/bug/new
Source: nw.exe, 00000012.00000000.2305429138.00007FF662515000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000013.00000000.2309978949.00007FF662515000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000014.00000000.2312012601.00007FF662515000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000015.00000000.2316369605.00007FF662515000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000016.00000000.2320562623.00007FF662515000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000017.00000000.2352294404.00007FF662515000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 00000019.00000000.2362172002.00007FF662515000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 0000001C.00000000.2450175208.00007FF662515000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 0000001C.00000002.2468461405.00007FF662515000.00000002.00000001.01000000.00000018.sdmp, nw.exe, 0000001E.00000000.2619034198.00007FF662515000.00000002.00000001.01000000.00000018.sdmp
Malicious: false
Reputation: high

Name: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 00000002.00000003.1692693903.000001F93BE56000.00000004.00000800.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gTUY
Source: explorer.exe, 0000001A.00000000.2389080482.0000000007900000.00000004.00000001.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://encoding.spec.whatwg.org/#textencoder
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: http://unisolated.invalid/
Source: nw.exe, 00000012.00000003.2351493114.000002AC5A5E0000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2367181594.000002AC5A683000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: URL Reputation: safe
Reputation: unknown

Name: https://goo.gl/t5IS6M).
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437278530.000055B300102000.00000004.00001000.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: http://scripts.sil.org/OFLC
Source: nw.exe, 00000019.00000003.2581436052.0000023EC8CCF000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2581224704.0000023EC8CCF000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://url.spec.whatwg.org/#concept-urlencoded-serializer
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: http://anglebug.com/6929
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: URL Reputation: safe
Reputation: unknown

Name: https://url.spec.whatwg.org/#dom-urlsearchparams-urlsearchparams
Source: nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_is_a_half-closed_filedescriptor.3F
Source: nw.exe, 00000019.00000003.2584461819.000055B300042000.00000004.00001000.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://nodejs.org/api/fs.html
Source: nw.exe, 00000019.00000003.2437658807.000055B300802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437278530.000055B300102000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2585519146.000055B300802000.00000004.00001000.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: http://anglebug.com/565801
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: Avira URL Cloud: safe
Reputation: unknown

Name: http://www.autoitscript.com/autoit3/J
Source: explorer.exe, 0000001A.00000000.2402233699.000000000C964000.00000004.00000001.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://github.com/nodejs/node/pull/21313
Source: nw.exe, 00000019.00000003.2584461819.000055B300042000.00000004.00001000.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: https://anglebug.com/7246
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: URL Reputation: safe
Reputation: unknown

Name: https://anglebug.com/7369
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: URL Reputation: safe
Reputation: unknown

Name: https://anglebug.com/7489
Source: nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Antivirus Detection: URL Reputation: safe
Reputation: unknown

Name: http://scripts.sil.org/OFLh
Source: nw.exe, 00000019.00000003.2581436052.0000023EC8CCF000.00000004.00000020.00020000.00000000.sdmp
Malicious: false
Reputation: high

Name: http://www.midnight-commander.org/browser/lib/tty/key.c
Source: nw.exe, 00000019.00000003.2593237854.000055B300582000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2590172850.000055B300982000.00000004.00001000.00020000.00000000.sdmp
Malicious: false
                                            high
                                            https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gHZuexplorer.exe, 0000001A.00000000.2389080482.00000000078AD000.00000004.00000001.00020000.00000000.sdmpfalse
                                              high
                                              https://wwww.certigna.fr/autorites/0mnw.exe, 00000019.00000003.2673087575.0000023F09A45000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              http://www.squid-cache.org/Doc/config/half_closed_clients/nw.exe, 00000019.00000003.2584461819.000055B300042000.00000004.00001000.00020000.00000000.sdmpfalse
                                                high
                                                https://www.msn.com/en-us/weather/topstories/us-weather-super-el-nino-to-bring-more-flooding-and-winexplorer.exe, 0000001A.00000000.2389080482.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  high
                                                  https://anglebug.com/4966~Tnw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://tc39.es/ecma262/#sec-timeclipnw.exe, 00000019.00000003.2437658807.000055B300802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437278530.000055B300102000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2585519146.000055B300802000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://issuetracker.google.com/161903006nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    https://github.com/nodejs/node/pull/33661nw.exe, 00000019.00000003.2437201363.000055B300082000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      high
                                                      https://github.com/nodejs/node/pull/48477#issuecomment-1604586650nw.exe, 00000019.00000003.2437658807.000055B300802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437278530.000055B300102000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2585519146.000055B300802000.00000004.00001000.00020000.00000000.sdmpfalse
                                                        high
                                                        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gMeuexplorer.exe, 0000001A.00000000.2389080482.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          high
                                                          https://veryfast.io/-nw.exe, 00000019.00000003.2590172850.000055B300842000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            high
                                                            https://code.google.com/p/chromium/issues/detail?id=25916nw.exe, 00000019.00000003.2437658807.000055B300802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437278530.000055B300102000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2585519146.000055B300802000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              high
                                                              https://veryfast.io/PR9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1673798261.00000000031E0000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1673850224.00000000031EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                https://webidl.spec.whatwg.org/#abstract-opdef-converttointnw.exe, 00000019.00000003.2585519146.000055B3008C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437201363.000055B300082000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://veryfast.io/0SetupEngine.exe, 00000005.00000003.2096717830.00000000031AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://anglebug.com/4722nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://webassembly.github.io/spec/web-apinw.exe, 00000019.00000003.2437658807.000055B300802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437278530.000055B300102000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2585519146.000055B300802000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://github.com/nodejs/node/pull/12607nw.exe, 00000019.00000003.2437658807.000055B300802000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437278530.000055B300102000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2585519146.000055B300802000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://chrome.google.com/webstore?hl=en-GBzNZnw.exe, 00000012.00000003.2367638976.000002AC5A4E3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://outlook.com_explorer.exe, 0000001A.00000000.2402233699.000000000C5AA000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        low
                                                                        https://html.spec.whatwg.org/multipage/webappapis.html#windoworworkerglobalscope.nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://www.unicode.org/Public/UNIDATA/EastAsianWidth.txtnw.exe, 00000019.00000003.2438611118.000055B3006C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2585519146.000055B3006C2000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://anglebug.com/3206UUnw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348gSetupEngine.exe, 00000005.00000003.2296064148.00000000031DD000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000005.00000003.2270837704.00000000031DD000.00000004.00000020.00020000.00000000.sdmp, SetupEngine.exe, 00000005.00000002.2300268870.00000000031DD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://anglebug.com/8229HTnw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              unknown
                                                                              https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348jSetupEngine.exe, 00000005.00000002.2298228778.0000000000685000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://anglebug.com/3502nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                http://anglebug.com/3623nw.exe, 00000012.00000003.2367181594.000002AC5A6B2000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2351493114.000002AC5A6B2000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2369388513.000002AC5A6CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://veryfast.io/download.php?engine=1&guid=9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1890689049.0000000000717000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://anglebug.com/3625nw.exe, 00000012.00000003.2367181594.000002AC5A6B2000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2351493114.000002AC5A6B2000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2369388513.000002AC5A6CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  unknown
                                                                                  https://veryfast.io/fast!.exe, fast!.exe, 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp, fast!.exe, 00000011.00000000.2285546064.0000000000B40000.00000002.00000001.01000000.00000017.sdmp, nw.exe, 00000019.00000003.2590082728.00007C3800650000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2593119865.00007C3800660000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://anglebug.com/3624nw.exe, 00000012.00000003.2367181594.000002AC5A6B2000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2351493114.000002AC5A6B2000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2369388513.000002AC5A6CF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    http://anglebug.com/5535DT~nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://www.unicode.org/copyright.htmlnw.exe, 0000001E.00000002.2636073264.000002315F8B7000.00000002.00000001.00040000.00000027.sdmpfalse
                                                                                      high
                                                                                      https://chrome.google.com/webstore?hl=en-GBnw.exe, 00000012.00000003.2351493114.000002AC5A5E0000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2367638976.000002AC5A4E3000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2369684682.000002AC5A5E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://anglebug.com/8215CTnw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://anglebug.com/3862nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        http://anglebug.com/4836nw.exe, 00000012.00000003.2351493114.000002AC5A5E0000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000012.00000003.2369684682.000002AC5A5E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        unknown
                                                                                        https://issuetracker.google.com/issues/166475273nw.exe, 00000012.00000003.2368520439.000002AC5A375000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://schemas.microexplorer.exe, 0000001A.00000000.2397489696.0000000009B60000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000001A.00000000.2391691146.0000000007F40000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 0000001A.00000000.2393282506.0000000008720000.00000002.00000001.00040000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          unknown
                                                                                          https://heycam.github.io/webidl/#es-iterable-entriesnw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://anglebug.com/7320LUvnw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          unknown
                                                                                          https://github.com/nodejs/node/issuesnw.exe, 00000019.00000003.2372145566.0000023F09A01000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://url.spec.whatwg.org/#urlsearchparamsnw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://infra.spec.whatwg.org/#ascii-whitespacenw.exe, 00000019.00000003.2438611118.000055B3006C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2585519146.000055B3006C2000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://www.msn.com/en-us/lifestyle/travel/i-ve-worked-at-a-campsite-for-5-years-these-are-the-15-miexplorer.exe, 0000001A.00000000.2389080482.0000000007900000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://anglebug.com/3970nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://www.rfc-editor.org/rfc/rfc9110#section-5.2nw.exe, 00000019.00000003.2584461819.000055B300042000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://streams.spec.whatwg.org/#example-manual-write-with-backpressurenw.exe, 00000019.00000003.2593237854.000055B300542000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#dom-setintervalnw.exe, 00000019.00000003.2585519146.000055B300702000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2438611118.000055B300702000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://issuetracker.google.com/284462263Qnw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://anglebug.com/5906$Tnw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://heycam.github.io/webidl/#dfn-iterator-prototype-objectnw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://clients2.googlnw.exe, 00000013.00000003.2359901450.00000229135EF000.00000004.00000020.00020000.00000000.sdmp, nw.exe, 00000013.00000003.2375414573.00000229135EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348ZgSetupEngine.exe, 00000005.00000002.2298228778.0000000000685000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://anglebug.com/8297nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            http://anglebug.com/5901nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://repcdn.veryfast.io/download/2.338/SetupEngine.exe29c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000002.1891151241.00000000031ED000.00000004.00000020.00020000.00000000.sdmp, 9c23f857-b0b9-47d6-b664-47a3132066f4.exe, 00000000.00000003.1890275734.00000000031EB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://anglebug.com/3965nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://anglebug.com/7161nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://github.com/nodejs/node/pull/32887nw.exe, 00000019.00000003.2593237854.000055B300542000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://anglebug.com/7162nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                unknown
                                                                                                                https://issuetracker.google.com/292285899nw.exe, 00000012.00000003.2367638976.000002AC5A50E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://github.com/nodejs/node/issues/19009nw.exe, 00000019.00000003.2590172850.000055B3007C2000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2437488723.000055B300042000.00000004.00001000.00020000.00000000.sdmp, nw.exe, 00000019.00000003.2435269180.000055B3007C2000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    high
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1403894
Start date and time: 2024-03-06 10:34:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 13m 48s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 32
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 9c23f857-b0b9-47d6-b664-47a3132066f4.exe
(renamed file extension from none to exe)
Original Sample Name: 9c23f857-b0b9-47d6-b664-47a3132066f4
Detection: MAL
Classification: mal42.spyw.evad.winEXE@58/369@0/20
EGA Information:
• Successful, ratio: 87.5%
HCA Information:
• Successful, ratio: 78%
• Number of executed functions: 134
• Number of non-executed functions: 272
Cookbook Comments:
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Skipping network analysis since amount of network traffic is too extensive
Time | Type | Description
10:34:58 | API Interceptor | 2x Sleep call for process: svchost.exe modified
10:36:04 | API Interceptor | 1x Sleep call for process: nw.exe modified
10:36:12 | API Interceptor | 1313x Sleep call for process: explorer.exe modified
10:36:33 | API Interceptor | 5153161x Sleep call for process: fast!.exe modified
                                                                                                                                                                    Reiven RFQ-04032024.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                    • 45.91.72.33
                                                                                                                                                                    Kazeem Engineering and Technical Services.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                    • 45.91.72.33
                                                                                                                                                                    AKAMAI-ASUSdmDeFvntUL.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, SmokeLoaderBrowse
                                                                                                                                                                    • 184.85.65.125
                                                                                                                                                                    8lypeeOlrN.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, PureLog StealerBrowse
                                                                                                                                                                    • 184.85.65.125
                                                                                                                                                                    CgoegMEw8J.exeGet hashmaliciousLummaC, Babuk, Djvu, Glupteba, LummaC Stealer, PureLog Stealer, SmokeLoaderBrowse
                                                                                                                                                                    • 23.51.204.111
                                                                                                                                                                    cBY69mSf3Y.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                    • 88.221.207.249
                                                                                                                                                                    SQwB4jzELt.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                    • 95.101.248.59
                                                                                                                                                                    VSSB8qxqwA.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, PureLog StealerBrowse
                                                                                                                                                                    • 104.105.90.131
                                                                                                                                                                    52CMukEtnK.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, PureLog StealerBrowse
                                                                                                                                                                    • 104.102.129.112
                                                                                                                                                                    Oni0XhPXyF.exeGet hashmaliciousLummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, PureLog StealerBrowse
                                                                                                                                                                    • 104.102.129.112
                                                                                                                                                                    http://omgfreeet.liveGet hashmaliciousUnknownBrowse
                                                                                                                                                                    • 23.56.162.111
                                                                                                                                                                    https://www.trabajos.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                    • 104.76.100.229
                                                                                                                                                                    No context
Dropped file matches (Match, Associated Sample Name / URL, Detection, Threat Name):
Match: C:\Program Files (x86)\Fast!\nwjs\ffmpeg.dll
• Setup (1).exe, Detection: malicious, Threat Name: Unknown
Match: C:\Program Files (x86)\Fast!\nwjs\d3dcompiler_47.dll
• https://download1.rstudio.org/electron/windows/RStudio-2023.12.1-402.exe, Detection: malicious, Threat Name: Unknown
• webex.exe, Detection: malicious, Threat Name: Unknown
• webex.exe, Detection: malicious, Threat Name: Unknown
• Launcher.exe, Detection: malicious, Threat Name: Unknown
• boost.exe, Detection: malicious, Threat Name: Unknown
• Cunola.exe, Detection: malicious, Threat Name: Unknown
• Setup (1).exe, Detection: malicious, Threat Name: Unknown
• webex.exe, Detection: malicious, Threat Name: Unknown
• webex.exe, Detection: malicious, Threat Name: Unknown
• Uniapt Setup.exe, Detection: malicious, Threat Name: Unknown
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\fast!.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):25600000
                                                                                                                                                                                          Entropy (8bit):0.022346260236084957
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:k/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/+/:
                                                                                                                                                                                          MD5:44FB8F21B6795D6CF2F1F5A5484920DF
                                                                                                                                                                                          SHA1:2E319197D4658E4DF3AAA447C02CDA27637A9AC4
                                                                                                                                                                                          SHA-256:BAC18353056434C0E46E6AB842551AAD43A8DFE03C060167F3D02CBD46825046
                                                                                                                                                                                          SHA-512:07A7C97F3D03AD1F418EE31F7D6A3F4D474FCDCF250387433B779A41F042783810276CDADF0542670049E13659A05544F60DED4982C89F0DF25B967423D61FEF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):187728
                                                                                                                                                                                          Entropy (8bit):6.546631521874263
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:yVK4L7fx9tWG76M2CDuLMzV4VV3qRb7mJZJemG15j6f2Krpj60:/yfxak6mD5VO3qce6xpj60
                                                                                                                                                                                          MD5:99A0AFAF20877C3807D5EF292FACDDC7
                                                                                                                                                                                          SHA1:3D5676CF1CFA6908C1FBC8E8DF4AA69E44CD8444
                                                                                                                                                                                          SHA-256:04ADC16448C10636AF97137AFBCF32807EF0A599919EC871820BB279FA3BCDD2
                                                                                                                                                                                          SHA-512:6C0F23433D356707C410C8569B3B8D083CBC2D22DBA7EB538E47EFF53BB90D814F71E0138DDD7798A43291B9BC6A317CFED284E9C52F1E7C56D2C53B77413A34
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):769872
                                                                                                                                                                                          Entropy (8bit):6.578253054311399
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:EUqEHeHb6dFSKYLlPyDfQhtxnco+GGUsROl2zv6j9KSWhvrxq5RFjLRaslbkh:EUbWlPyD5o+G1sFv6j9KSavI5RBRn1kh
                                                                                                                                                                                          MD5:A2EF6C8CCFBEEE722F02C9744272449A
                                                                                                                                                                                          SHA1:9B60C5D3890A8E44C16D3CA7446876E91C4223E0
                                                                                                                                                                                          SHA-256:45F4752B7D517A3FF4D00C5E8ED2D475F6E5809B70DCA55EA12A489544FD9E84
                                                                                                                                                                                          SHA-512:3803F2741A30D69500F3CD0E66A5F99B79394BA20F5DBBB948295E597E49CF05D337D1DE3B97BC0D0C7BEB18D0725B260C0F7C9C04524FD94B340BDC01DFE934
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 25%
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9285528
                                                                                                                                                                                          Entropy (8bit):4.830539768724432
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:mDWFy1PJPMPJTV/ti5DSP12dvbV2W20v6vqKesb+uUPJNPJ6PJiPJzPJdWfsvDAT:mDWFQhCr/tipQcdp2z6IDesaDqG1lva
                                                                                                                                                                                          MD5:C2F7BC99A1BBDAEEDC88DD2F1678C1D8
                                                                                                                                                                                          SHA1:560222008DBB6C51DBA7E5F8284ECEBCDF8692BE
                                                                                                                                                                                          SHA-256:DE1CE7A596D3C09D91F8F0F21CA835E25F981D0799C8B12CB470CE3AF1DCE65B
                                                                                                                                                                                          SHA-512:A2808A0A6F4415E70C4F2F628B4E8B97D4461E03453A9C772E7B8B4F889DF8660768B3D71DBD1B26E6D41D11C2C6FB0A0E1A2F9E549012BD2942D7B22893BFAD
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview: Generated by licenses.py; do not edit. --><!doctype html>..<html>..<head>..<meta charset="utf-8">..<meta name="viewport" content="width=device-width">..<meta name="color-scheme" content="light dark">..<title>Credits</title>..<link rel="stylesheet" href="chrome://resources/css/text_defaults.css">..<link rel="stylesheet" href="chrome://credits/credits.css">..</head>..<body>..<span class="page-title">Credits</span>..<a id="print-link" href="#" hidden>Print</a>..<div class="open-sourced">.. Chromium software is made available as source code.. <a href="https://source.chromium.org/chromium">here</a>...</div>....<div style="clear:both; overflow:auto;"> Chromium <3s the following projects -->..<div class="product">..<span class="title">2-dim General Purpose FFT (Fast Fourier/Cosine/Sine Transform) Package</span>..<span class="homepage"><a href="http://www.kurims.kyoto-u.ac.jp/~ooura/fft.html">homepage</a></span>..<input type="checkbox" hidden id="0">..<label class="show" for="0"
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4916712
                                                                                                                                                                                          Entropy (8bit):6.398049523846958
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:49152:KCZnRO4XyM53Rkq4ypQqdoRpmruVNYvkaRwvhiD0N+YEzI4og/RfzHLeHTRhFRNc:xG2QCwmHPnog/pzHAo/A6l
                                                                                                                                                                                          MD5:2191E768CC2E19009DAD20DC999135A3
                                                                                                                                                                                          SHA1:F49A46BA0E954E657AAED1C9019A53D194272B6A
                                                                                                                                                                                          SHA-256:7353F25DC5CF84D09894E3E0461CEF0E56799ADBC617FCE37620CA67240B547D
                                                                                                                                                                                          SHA-512:5ADCB00162F284C16EC78016D301FC11559DD0A781FFBEFF822DB22EFBED168B11D7E5586EA82388E9503B0C7D3740CF2A08E243877F5319202491C8A641C970
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: , Detection: malicious
• Filename: webex.exe, Detection: malicious
• Filename: webex.exe, Detection: malicious
• Filename: Launcher.exe, Detection: malicious
• Filename: boost.exe, Detection: malicious
• Filename: Cunola.exe, Detection: malicious
• Filename: Setup (1).exe, Detection: malicious
• Filename: webex.exe, Detection: malicious
• Filename: webex.exe, Detection: malicious
• Filename: Uniapt Setup.exe, Detection: malicious
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2046976
                                                                                                                                                                                          Entropy (8bit):6.649283135735361
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:AWAYwK157qsw8g5DitUKT6mPgPswvD9Q++AViqp6JoIpBHHM9wkk:3Ay15Wiuitp6mPs9T+AVizJochHMM
                                                                                                                                                                                          MD5:05A1F9113FEEB06EBDB0AF5C94C37879
                                                                                                                                                                                          SHA1:0647A8FF8852F9735BF3F3B2009FD46FB235F5AE
                                                                                                                                                                                          SHA-256:A49240F9B626D8EF02713EFC9624408F1FA0399775B68FB3F2EF1DB69FB8AB78
                                                                                                                                                                                          SHA-512:B9F6A319378345720F55A1620114312558BE2DA0F53C008F0BF984CFDC094EB810470A31248852DF0B0AB07CCE7CE083EFAE1BCD5E015DBC4248DF86137B3B2B
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Joe Sandbox View:
• Filename: Setup (1).exe, Detection: malicious
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10717392
                                                                                                                                                                                          Entropy (8bit):6.282534560973548
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:196608:hpgPBhORiuQwCliXUxbblHa93Whli6Z86WOH:n8wkDliXUxbblHa93Whli6Z8I
                                                                                                                                                                                          MD5:E0F1AD85C0933ECCE2E003A2C59AE726
                                                                                                                                                                                          SHA1:A8539FC5A233558EDFA264A34F7AF6187C3F0D4F
                                                                                                                                                                                          SHA-256:F5170AA2B388D23BEBF98784DD488A9BCB741470384A6A9A8D7A2638D768DEFB
                                                                                                                                                                                          SHA-512:714ED5AE44DFA4812081B8DE42401197C235A4FA05206597F4C7B4170DD37E8360CC75D176399B735C9AEC200F5B7D5C81C07B9AB58CBCA8DC08861C6814FB28
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):455168
                                                                                                                                                                                          Entropy (8bit):6.325643014425336
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:vE4vggB77XnAFJOiVghQNu0Q/2fNClzCdrJEQa+1:c4ogxnAFJOkghQNrClGrJED
                                                                                                                                                                                          MD5:FAA27BF7062F3D7514386A5FA4ACB81E
                                                                                                                                                                                          SHA1:6CE3A638D81B1FC824B2D21C4725B08C72428E73
                                                                                                                                                                                          SHA-256:1388FB48FA0FB258BB1AAA5597AA2B867144DCEB099DAB3B43101787BB483C2F
                                                                                                                                                                                          SHA-512:804B7A9A6E0EC4F927CF4AE891F1B78742C5E4E0F463B286AD22C0C37FD7D980CD7EDA3D159A657E5BFCA9344074399560AEC87D7CD580BD29CE864D0DDEE38C
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):6875136
                                                                                                                                                                                          Entropy (8bit):6.458952708031866
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:49152:FfoLgaKqO6rk/8KR41Xft+AlHH4Jv3l+7gFOsTvZTGT4ltgh/sKDEtVFFTK2/get:6BXFTlnKkuQ4WAiwwHurw3XF
                                                                                                                                                                                          MD5:B8F6D5DA6F220F8D39D2C0413BF50C7B
                                                                                                                                                                                          SHA1:18ED7A44DDAB24E81B78142B3B676C8E02F33055
                                                                                                                                                                                          SHA-256:51E4108E0C3607BB52DD64F3109559A40DCEDFC8BDE4BAFF84EA5F214E97856A
                                                                                                                                                                                          SHA-512:9459088B776D32101734FF46D49604E12976B18BED832005873AEC360AEF2A9B03F27B79114EED769D32733B48617480D4F289A8EB73657BCF752755CD0FBE33
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):478847
                                                                                                                                                                                          Entropy (8bit):5.411085530754943
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:jMe7qtho+VTrASMKVkP+S2Z12JynubrmIZ+8FQgB2CSI2Ts37UzO25g/tz6XiDiN:D7qthoMTcSMaO+S2Z12JynubrmIZ+8Fs
                                                                                                                                                                                          MD5:FFB5C6F2DD2A21D555DC6E9F57CE8A62
                                                                                                                                                                                          SHA1:D2D7EA11DD49B6E0210FB96509852431D4056624
                                                                                                                                                                                          SHA-256:1FC2D1624F4ABF0379E1825B47A3F1B901FDF2FC95485E74581C75A65F2AD3D5
                                                                                                                                                                                          SHA-512:D74FC561B4221D0CA168463C955865ED004A5763E355D44E800854DB4845850C607E0E1020D6E215D349E18A1B56A3C2B53538DC86CC54D67DE10F47959E2A6A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1002118
                                                                                                                                                                                          Entropy (8bit):5.421493602926462
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                          MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                          SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                          SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                          SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):776023
                                                                                                                                                                                          Entropy (8bit):4.912989601907357
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:ij72EQ/cuFzYzxpTEzH3dj262NzTh5j96gVr5OxPF3x30jH8+F:AhQ/fYzxezHNj262NzTh5j96gVr5OxPM
                                                                                                                                                                                          MD5:ECEB40BA11424F46F2A80DEC00750820
                                                                                                                                                                                          SHA1:053992E95D2AC8304513252A3DA369925CAF95E5
                                                                                                                                                                                          SHA-256:8C6606B346A44EF8AD24602B8086831E0DDED9D16B51B3FC72837A98648150E6
                                                                                                                                                                                          SHA-512:3B720AD44BC040F35D1EAF98751C23EB18D3326B051A95836B6556B8E2BDD3F99D40FB3B21DD8655F2B238511A33C5E83A57EFD2039CFFFCFA6B2CCD6369ADFD
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1002118
                                                                                                                                                                                          Entropy (8bit):5.421493602926462
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                          MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                          SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                          SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                          SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):782112
                                                                                                                                                                                          Entropy (8bit):4.928681356185768
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:JMkZzLmzDtdSSuMQUyniepgRwgPc51CyHjT5fuf7b6bR:JUbDpm5fua
                                                                                                                                                                                          MD5:4B92310FD43DFB026D329D2C2A5748B6
                                                                                                                                                                                          SHA1:58C462A55B1087DECB23D3ACD63664D6CDC968EF
                                                                                                                                                                                          SHA-256:6727C5946AFF5220BC341D105A3BCCDE4EAA8DADB9DED3AE38578AD5B7C1B9D1
                                                                                                                                                                                          SHA-512:6FB9A7BAA5BC26704A4BDDB5E4AE3FFC5F019F9DFD2064AEC0F68E1DAB3B57187E5A94F9111C09FC5CD382A2A894C5004634500A407F27BC96D1D3925B00BABB
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):854092
                                                                                                                                                                                          Entropy (8bit):4.92310545483486
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:FG31wB1tu/N/RL8u4NOIv2U3NwFkNN5xNNx+jGqhXpY:wFQyYt5r+W
                                                                                                                                                                                          MD5:D09D02925D1A68D8AA2A8930CD0D3739
                                                                                                                                                                                          SHA1:4A72D8A7CB99F2590F450CA1EC872AA829F7D9BF
                                                                                                                                                                                          SHA-256:57DE76102D4BEA2EDC2042BD4C6E57EC9CD71C1A138D5547030B805A78BA2CB3
                                                                                                                                                                                          SHA-512:6F9AF788E5230BBBD8616C6CC90AB7799BE4C1E649477E81250ABCEECF0EF77B22488A433A27F69EF6753BA162948890D0705834A4AC3ACD689F37797754D1C4
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):883810
                                                                                                                                                                                          Entropy (8bit):4.685141869398855
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:8rlCVOq0aAlYMdAs1axUlVbf/1A373ZB93aAK5kVDMb/Rumped2il5vJOueRJ3Qd:8rlCVOq0aAlYtUlVbf/1A373ZT3a1kVP
                                                                                                                                                                                          MD5:7EF3FCC095170AD95BC91B99FF64E003
                                                                                                                                                                                          SHA1:CD059C9CE38DE90855242BC0C0060CC96BBE7FB2
                                                                                                                                                                                          SHA-256:E6D5A9607BD4E9F906B1A81FDD940AF69AF33B1F5402A277660473092950709E
                                                                                                                                                                                          SHA-512:05320A66AB533626C108EAAC57FD43192DC99809040EE4808528CCEF3DC1803D6FACCE765E7787A5C02B18454D3348BCE0120C53BD56E2DFF9FCB2C6CE5B4A3C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1137123
                                                                                                                                                                                          Entropy (8bit):4.299580400060432
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:vsgx+0TQQGyqtHFtIdK009fQ0/QB/LCLTSukkRBb6BiDSk51hwDlWA:UgU0TLALM/LYTSunBbl5ylp
                                                                                                                                                                                          MD5:C7D249577D0BC3BBF809D9A564CEF77C
                                                                                                                                                                                          SHA1:1B234DEB6712DCAA796F796533FB01D5A097555C
                                                                                                                                                                                          SHA-256:8638CE39FD97E8ADAF332FFC49E4A0DE9CBEF4D4BC22B18F332799CD408E3C19
                                                                                                                                                                                          SHA-512:9CB6511A3F6FADB5ECF6303F3704707B076AC30AFDE4906BA934958516DCC47EE2A0189801EAC5432B22F789CEFE65F032AC455E783AB1A5071405F54315CE11
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):546766
                                                                                                                                                                                          Entropy (8bit):5.396073089699102
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:4NlMvG4Tp7dcEpy/m3O5PAF4N3Mw2juwHzejm0t3lvq8E98URaIs3cmlLEYjCJk6:tVYDQ/ROb9ZMN7MZlg5P1XqM
                                                                                                                                                                                          MD5:C422744DE25D9CE25623EAC83A9FBA46
                                                                                                                                                                                          SHA1:6C58BA81E244D6C30A3D1AC86300F84DF11B548C
                                                                                                                                                                                          SHA-256:2EA46B2A2245FBAAEA60309401F8E6BE455B58AABC90CFE99C24B519914F0E36
                                                                                                                                                                                          SHA-512:997FF1DC5E30C86AAB94A1AE006435CD39877D7B5903FFF2D4C36E2DB5383A76158BBF0EB32B80ABD2FA40EC121A11B43D305B5F249799E77ADFE54504F40D7D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):555080
                                                                                                                                                                                          Entropy (8bit):5.842295811527368
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:Jv0Zr1PzZEPnpreL0vGJA+AsQ0K5B+8VKfNO4w3SBkmPyh8Qms9:h0ZRmNK0vG6L0K5B+8VKfNO93S6mPW
                                                                                                                                                                                          MD5:120845B1CB9B9D8235CDA4BBFB05FC69
                                                                                                                                                                                          SHA1:4D30CFFE8C52F3C287062CA1031F4C070C255840
                                                                                                                                                                                          SHA-256:80DCCCD03056F4D658DEE40C90D0D7AC46B08C6516C0187261E62BC623D8EA40
                                                                                                                                                                                          SHA-512:0B69DE112419777059597A5346DB101F234B89004ECE1A4313B50309A6542FFA337527355E97EF81644E5D24B7AA6818EFDC17235CB1FCB939987300C339A6DD
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):505239
                                                                                                                                                                                          Entropy (8bit):5.448226222916994
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:in4xaYaQzVWZqo5cU+8+4kijSwlTwpJwawobR09vcuL5kPrTEr/d4JTGqVwXzZhJ:i4xaY9r8PjbQ45ErBTpY
                                                                                                                                                                                          MD5:9BF8555DCC94477ED9FBDD10C62CDA28
                                                                                                                                                                                          SHA1:9E67FD5CA48A1CFC3CC516811EF0DA008C84B273
                                                                                                                                                                                          SHA-256:5EDC021B352EBE4EB7AA81B9486E58946CDD0F91B686A08A0DE038DECD5AFF9B
                                                                                                                                                                                          SHA-512:BE08559FEAF96275B870E086A6AB8EE8C644D65C67F290099D05558E025FB33FAE4CAB68A5EB803BDE032CA09D2E2BAF71F72177B3A53BF518C685826E3F1F23
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):544541
                                                                                                                                                                                          Entropy (8bit):5.4912987683783125
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:RAuRc5wJanQ13K7UpHad3gXiasnyX4VyuX3FwN1a265Jl5vRPNKzMgQIDCbL:RnBj13K7UpEgSamyHjw5CDvDCbL
                                                                                                                                                                                          MD5:1BCD5AF995CC8061CA89637EF72CC1DB
                                                                                                                                                                                          SHA1:3CEA0D8F5A8D7D0FB16BEB89365D4EA77AA9DC28
                                                                                                                                                                                          SHA-256:EE1317B4F3A3C8C4CCCA9DFD49479AFF6A22893260A1AD38C1666CDE3DB228ED
                                                                                                                                                                                          SHA-512:4370CCD37DFFCAA1A84CE7587D04488E034D86A17BC2C390667C1C73DF3A93E00C51E7F1E813FB83AFE1BDBC94B5BEB0DF3D9314752D172D6F7809C5561C85B6
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):967007
                                                                                                                                                                                          Entropy (8bit):4.76798089170347
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:NYc6PdGgx11hxFFc9N6JXDsSYSmqHMuD2fp3Lljr9AVH8+VdQ5tNDQo3FYtf2Uto:NYc6PdGgx11hxFFc9N6JXDsSYSmqHNDu
                                                                                                                                                                                          MD5:92B4DB2E2A6334F9E8E4C3AD0478733B
                                                                                                                                                                                          SHA1:BB51F1A509C3F6D5D69B0FD5BDD87632C6354ED6
                                                                                                                                                                                          SHA-256:FE7B716FD80F8327DB8EE17FB0B2669EBE1EF18D196CB5141BE9210FEC9A0682
                                                                                                                                                                                          SHA-512:7517FAD4EA889E97C840F2D32F6563C7597CA9FEA19FC7D7D83FF4D4AB47F00985EB49BD1676AF803CBFBA9E9C18771A2869416FB70A3C147F0571F39CAD04F4
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):438233
                                                                                                                                                                                          Entropy (8bit):5.518587154498282
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:vZI0SrL4yfYyzcMP9ehT/IfaYjYU8z5MKS8BE0RJEl:vZKwG4MOT/oo5bSVl
                                                                                                                                                                                          MD5:53FB83F1300373ECD284455187B515D2
                                                                                                                                                                                          SHA1:6081C8849D28FE9AF94C98B3B266F5A8A2F638E5
                                                                                                                                                                                          SHA-256:9DC4D36ADD6D35462856BCD9F809E2FF54A4E290CBF35B55E01608AD2D923C4C
                                                                                                                                                                                          SHA-512:F031B27103B879FF641EDF280B94BCF64584459E05C3C6B3E836597628626716ADBE263C8CFA7B3145BE453F0B9CDD14A667FB3BB5F8459039977FA4E26E84C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):442167
                                                                                                                                                                                          Entropy (8bit):5.509356040959441
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:tsKm5Yuuvn6MVB5TMP9eVX9vfaYIyz45cBSMn0F/B0fwH:ODhadlMmX9KX5QSsfwH
                                                                                                                                                                                          MD5:06B76AB948526CE0875CD280F5559BE4
                                                                                                                                                                                          SHA1:D0CB125B7ECD5E1A9DB001C611C21B2F26A46B1C
                                                                                                                                                                                          SHA-256:49BEFD911A3E1456131FBCF4FCA1C0ACC0A7B711787486253BC7D5E6B38E1C3E
                                                                                                                                                                                          SHA-512:2BD643032BA787BDFE67AD98DD01BE8B56D38D87A70CFB55E1858B56118C585BC1A6EBA6EA1BD4FBF214E45AD389D98F1058F38BA42E442C5C3DEDC049A4611F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):980342
                                                                                                                                                                                          Entropy (8bit):5.216674843653677
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:JMpkqpOYzJWp1MoEY3RykXwYMCSXpOPBpPx3ASomwGiWAtyVS1UtuYtP0DvC5z9f:TBt5z9f
                                                                                                                                                                                          MD5:6CE103C1633F4DF47E246CA9E98F35E6
                                                                                                                                                                                          SHA1:86F97D6DFE7CE7DCF95EBEF5ABF669F7F8CB01A5
                                                                                                                                                                                          SHA-256:A71EAE327B57CBB04148D906144583824EEED9DC2CDD150F5B1D19B61685107E
                                                                                                                                                                                          SHA-512:5A2E530E6245B2D525F5CF3C08DBB901632175A21D927A58AB4974BDA48E59B9531C09938B938A4F1F6D66244DFF3E81E5176DD69445CFD007BFF34CD9D44DFC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):533930
                                                                                                                                                                                          Entropy (8bit):5.3788313673683525
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:6IH8fG6z4/5iQ8X5p3YRRr5XLFYFIFUm+L:B8+6Z9pmr5bFbgL
                                                                                                                                                                                          MD5:1B537CA4D3C9A1772F465BAE676BB1F6
                                                                                                                                                                                          SHA1:E534EB772FDF11086F4637143789E730A4E05575
                                                                                                                                                                                          SHA-256:A4F80D52562840FBB6C919F2B0E56AC85847463CA0BD90D93C44A4EB03D914A8
                                                                                                                                                                                          SHA-512:8B305C7DFCADB99A8EB7BA22A5CE429B055741292B02D5D6DF9FE591B6ADFD08C25C401C771F3C7B0900BEB4F9D30E55E58F9DC2F74C21E0365740608B7A9FC2
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):532503
                                                                                                                                                                                          Entropy (8bit):5.357881561820044
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:6IB3CiKdyOR5u12clg135gObkpO+EdQ1m+dj75aIrJQh6S6PZ6k8jb:6IBPKRbq+1RopkQ1muj75Xrmhbb
                                                                                                                                                                                          MD5:4F20600D22FBCFAA0415F214F1858B62
                                                                                                                                                                                          SHA1:41145AE5255CB4CE20EB7EE57D503D4DE59941C7
                                                                                                                                                                                          SHA-256:A09CB85E8844301A22500DEB47A8FE42E3943B183CC29CF2D4BAF6EA427FCB30
                                                                                                                                                                                          SHA-512:288FD234D0563B32E13C2FD67DC59F1FE49B915A7531F72B28A1B09D40454AF7285EE749FD328708E6DEF9F513A85EC7806DEE7E4AB2BC1C6275CC21A71D4969
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):484524
                                                                                                                                                                                          Entropy (8bit):5.458569780933525
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:y0PQVDMd4S45K9vMNczUupn1J1ONRS+T7+F4mT7FN0gmFohW4xS/Y03pi802p5ay:yEN4Y9/Xpi/TOpbmFohozp5aj0x
                                                                                                                                                                                          MD5:E0EE91083792BA6B9200106DAEC4F5A7
                                                                                                                                                                                          SHA1:14BADA6580DDCCFF3C4CCC3DBC3568E5FCED1097
                                                                                                                                                                                          SHA-256:770DC93416BDA6716E4D596E80638FBDAEA70F0EF9076A0D174D58C9467C61C2
                                                                                                                                                                                          SHA-512:D4D733E2DD0EE3DF772D896CCDC1B09940EDF9A42F1A5B378CB1060ED3500E74CF69C79DC092D01BE8409AA9B01CF9685D3365F85EE3367A559371A6229E4020
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):787089
                                                                                                                                                                                          Entropy (8bit):5.051202428896656
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:i3x8u313uyqoe+s4q7CRmXzoT4WmdAQifaQ2XxFHGk62Bh96MX9OCRdpxHsAQi6A:i+v5ec
                                                                                                                                                                                          MD5:68AD7F55117CCEC25D6B244662AD5018
                                                                                                                                                                                          SHA1:FA1CCD5797A0218B632801B2A0F54929C0ECA622
                                                                                                                                                                                          SHA-256:42E9643F8DE704B53F074F53FA7DACF5F6C6F6642C6CE0CD98294A91BAC26B80
                                                                                                                                                                                          SHA-512:A6926C9BCCFB62B0506E7A45ED56D4FC4A0EDF983EBBF3134C4AB6C2FF1C2AF66BA82E7891B6F1530B927F72FEA43AB0A82DE9D70746DCD67F31A1B5CBF64FEE
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):492464
                                                                                                                                                                                          Entropy (8bit):5.425658384076431
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:ilaR0mV19j/WJ8eG6KZ8VreKRJTsbTIOEiTak9LQ53YW2HrEaWacvr3OW3MWO4Ap:ilch19qJaQetax53YtHrEaWa2YuYn
                                                                                                                                                                                          MD5:A7A39FB45BF28A1704F1088784ED9B21
                                                                                                                                                                                          SHA1:8F6021070CFC88BDFCA8E628BFD8DCE4D5234912
                                                                                                                                                                                          SHA-256:6625723666A0433A29F9943E8B3DDEBDF676F38ECD4EECA1EFBC1FAB7E19CE8D
                                                                                                                                                                                          SHA-512:3E3C20BB58C701E72CAF59E78F23FC2A2A9F742986C7655760BFAD7CE775D423B72C8127964A97CD6DFC3082B2DC46F20F129FECBA8C4A5BD7EE2E9B85D623FD
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):556786
                                                                                                                                                                                          Entropy (8bit):5.192882907827124
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:6fvFTGCvtu/Zy3DQBIBg0/S2FCvenG2Z3LRmI5Fwm0InAREt8:Y9j1aslUI5amG
                                                                                                                                                                                          MD5:5A029FBC334FB96F05BA7CB40CBF77FA
                                                                                                                                                                                          SHA1:993AD2E2C05C5B6374DA6547FE9F966F8FA33FF0
                                                                                                                                                                                          SHA-256:02174D6A13714498334FCDCFB6F78007756D65FFD69F2984C4E010D293A0A264
                                                                                                                                                                                          SHA-512:D10309197A9AE36A250944C0BA36DA184FFDCF2DD21874E1EAF3C1075057600219EA6B986F31B9CA727349E07262159B9AB8D7069946B1B532819202BCD3BE0D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):578290
                                                                                                                                                                                          Entropy (8bit):5.380153051203165
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:jmDHjPf6ZLiXrmDDq6QuaMV5uKzxOt11Z8MYnYJYQgIRyz+X5Dx0JSWdv40wCU7p:kv6VNe5Mw
                                                                                                                                                                                          MD5:DAF38B05615CF2B32110153A87F00A49
                                                                                                                                                                                          SHA1:5BA7AE47BCF97F25CA4AE39F2719CD167525B7A6
                                                                                                                                                                                          SHA-256:F27B84A739C6F37556506BD6B6681FA347B91D8852BFAAFB8C2388240D61B4E3
                                                                                                                                                                                          SHA-512:24F7F127200BEED942F55D6A5C8A8EC0F395BDDE5005E181578C4F82774145C87FF7DF31AE3ED5E395BD6B4415B34F7DDD404FD916953D3DBCA6A2AC541D7DB5
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1122667
                                                                                                                                                                                          Entropy (8bit):4.3400459610777204
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:mgmU7sGiPkPYBxz9AcSIMKHIwjAwREJKVMjNiT7llj63rhJWlPvKMi5eQWiYJsWR:mg0cPKz9lSXRjMkaL258Gh1dRu
                                                                                                                                                                                          MD5:114BE9E725B3E34F26798EEE03AEB7A3
                                                                                                                                                                                          SHA1:AE2B4E62888F8B03FB8D896AEAB6C3EB8D11793B
                                                                                                                                                                                          SHA-256:F95506C669D3994DE484E61529E1EF56DF8F7B88E28A9DDD9F9B3A2FCA958FC0
                                                                                                                                                                                          SHA-512:4EAFDC76D4B06EBB0D1405F3D68CE518BE925C4444234B5ACADE27CB07F29A2E11DE6093389A89A468D87A55638DC38970EDDC4355D52D0FB45F3C8CE8251D05
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):693623
                                                                                                                                                                                          Entropy (8bit):4.662873246769769
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:nBISxF6XshWxF28kO0hC6r6TkvWqo/5HEajACEXbheQCapGr5hA3o9dBj5HlmmEq:nm++1L5oo1
                                                                                                                                                                                          MD5:6C6DBBF3DADE579939E27728DF66EA2C
                                                                                                                                                                                          SHA1:68BC11E532FEE1AAD3668F510CD276229B3EC7F0
                                                                                                                                                                                          SHA-256:08A95A59D8AD6FD28D52723F5EF5E0796265B2518DA44236CB4E5FC0B90FD6BD
                                                                                                                                                                                          SHA-512:594C2C897D612AF6CA8AC25FEE2960EBFCB6DD90CBBCC0324245714137EBF77369879D0E28243A370AB429ABD27768BAB860162383E31B8BB1A10667FF129466
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1188400
                                                                                                                                                                                          Entropy (8bit):4.311084623750104
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:awUn/nDN4+YNa2yG8cmV/BB0ZV1d1OuOXRLXW3Jpj0TByntDPtDlEpgs4u/8Wiwz:awKUp8gS55k5RhgN
                                                                                                                                                                                          MD5:A4F071EA16CEBD5EE301DACBC617B9C3
                                                                                                                                                                                          SHA1:CF46E5E856FAC54382B04DAA7FCFC325A72DAB12
                                                                                                                                                                                          SHA-256:942AE41EEBD2839A2C00E2B4C9FA53DAF3730CF97AD68FA3132A42AF03D8B2A8
                                                                                                                                                                                          SHA-512:A2E8AC957BBF847C33347660B06D2F12758A882E12A8CFA460FC1729FC0FDF240A381EF277DF79ECFF1FE95C7C56E2ED1B71B31AD455565EB89580B00FC0F620
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):536228
                                                                                                                                                                                          Entropy (8bit):5.515391862763459
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:2I0Cw2NeNyfAXqYPTXeXC/i0qraKbuc6baBV08L8buo+wKxr05Yp/ADtOSAqb+HS:/Jw2Myo5uSK6VyOcwav+3mJ5UN72RwGc
                                                                                                                                                                                          MD5:886D145D04CB1AA7CF6CAD7462412B39
                                                                                                                                                                                          SHA1:754B7A17BD17CCC182623B7CEA7680B0D4191BD3
                                                                                                                                                                                          SHA-256:F0F4AD264CC98AD734FB9CF61301E39EF76445F937FE222165E6722E366D3831
                                                                                                                                                                                          SHA-512:F38F145D4F7C7735AB0FC6539F2D18AE12AE59E92513FD83403020FAA74DF6BAAFE86E503B5ED39249C2B537F6B9AF0B1E3E735E764EB3BDE38CB109365140FC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):577216
                                                                                                                                                                                          Entropy (8bit):5.643930100645207
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:Ftqi2u7XLYTtOLFIHPs6TBAr7katVIB5HwzFZfpOHYGhQU+zGXevAu5ARDCetGzH:FtD7DLGiIACB5HwzIdLIAu5tg2
                                                                                                                                                                                          MD5:78730A55F4734A3FD79DB335B2F92773
                                                                                                                                                                                          SHA1:297069635184682E55D1A9A1B81CF197E0E22427
                                                                                                                                                                                          SHA-256:39D86CD35876AE9DE3A5A85B81C1171E2011AD64AEE7F4BB6954B49C91C25AE1
                                                                                                                                                                                          SHA-512:0325C92776C99C0CC8FB1A28DF3EE69C2414D3A1074918F969691D26F8BB89C4F5694A590F93D5ED82EB06A2B1A3F3E410722FBA2496FB41E842B0B397C06BCE
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):476028
                                                                                                                                                                                          Entropy (8bit):5.379776378917239
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:uYpLKyTWkaF7DsFPgvf+cVnjHFl6mik4c158ghSwkK5NcSz97IEji4QH/:JKDlDig5VnjHF4m34C58ghm/
                                                                                                                                                                                          MD5:FC1B7DE05FB68AF250C9C5970FDAA3A6
                                                                                                                                                                                          SHA1:40110A5FC5042D8CE4A9B97410B8F73039697419
                                                                                                                                                                                          SHA-256:4085C8CC4DCEC822A496CD330AD974322C9EDF83C5B752596960DA1FBA809704
                                                                                                                                                                                          SHA-512:F15703EB35D007578BF9DAF0E0D52F0F8DAB72CF5E013EE9A648CB8B5F054DAFB1CD2543F220D63BDD8594BFA552446BD0C854BFB7AC300F40CC27248677336F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):532202
                                                                                                                                                                                          Entropy (8bit):5.283769478628022
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:OauoBrrffQgCI1xO2+NjXeNDYISIqRRRsO1StbdRT9TjexvqiBELqbPpzHi9fLwx:OLoBnffQgsRAPZqV8bmEKUwA5m4oD
                                                                                                                                                                                          MD5:19925C7650E0D4A1109C29B7F7081712
                                                                                                                                                                                          SHA1:98D6BFADF1D3987C048A691D6E3B92B4C6795677
                                                                                                                                                                                          SHA-256:3509A16F733840F0C7DD20BB9D181473322EB7C806218552C125800812C4F329
                                                                                                                                                                                          SHA-512:8096FFB842466640234F4385A26387C6636626E179D807B629870356E7AD858BF2D9D9F463B6E13126B34EB41363F31E32F2DB4D292C0FCB96974D631172B84D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):645756
                                                                                                                                                                                          Entropy (8bit):5.721459654042235
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:dbWYR6j5cC6JtnRRI6ZyQ2IrWb45h8dxVd:df2cT346ZyQ2Ir/5h8/
                                                                                                                                                                                          MD5:2359AB9C67CC599B81D414F475D3AF4A
                                                                                                                                                                                          SHA1:318C6CF3711B28A97732F334DF5679500C1A92CA
                                                                                                                                                                                          SHA-256:69BBAE5376A179B7CF38E513F497A3E953BBB3B50A90FFBC7F174DDF6BF36538
                                                                                                                                                                                          SHA-512:04B742830B383198A69B5008A8603003DC88EDE7FA49A3BE9F35BB5C6459DE1EFA2E6CA8D7F162B97E35619E051F1F07D4AFEB45DAE2251D8732D6F5B44E5C32
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1277291
                                                                                                                                                                                          Entropy (8bit):4.250575799494213
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:OJEPCpA6GYIQJzMUk3Q7X5DiUgcyE+hTKYB:Oon85OUK
                                                                                                                                                                                          MD5:44E9E82743A4CBFBB4C0B435FEB6A311
                                                                                                                                                                                          SHA1:6E0961D9A362F1AA4A1CEA067CE33CF6236BDDCF
                                                                                                                                                                                          SHA-256:FC48834CC2D91E3E3C4BA03427D2F7017B8A1047BCD02F54F00162FCC1B8E892
                                                                                                                                                                                          SHA-512:D2A8BAD4CC541B1DFD692AF0B26C3E4AF67D63B996339A3E76CFFBBCBAAED13E4DFFC0A94C0566C590033F1838F02CE7A92C392402C71978B4873F5F574AF5D4
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):542325
                                                                                                                                                                                          Entropy (8bit):6.086545361822224
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:AbzQTckyVzNRrPyOjXMq5t8OQ4EVhGm6eCqV5b7fuhs8Ptdq7hUomrOe07F:2zQTccwc5F8qb7F
                                                                                                                                                                                          MD5:356B9A6391D89B870C09DD5EB00DE331
                                                                                                                                                                                          SHA1:0E2D88BE86C0B66F3C1BD9FCA7AB7A47E38B5EB9
                                                                                                                                                                                          SHA-256:F87B6BD2FA24DC68B7AD565EE50028867A5C39AE6EB96006848C737F3C69EB64
                                                                                                                                                                                          SHA-512:5CCFD7E0AC6D1F0D917F48D8429C32E8029DAAA68E2000A4291540DB51D5613FAD3200AE9DDB8FDBF86BA470A7056594977735AFA99EC2FA1857505B196B609C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):582911
                                                                                                                                                                                          Entropy (8bit):5.634943315491091
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:B+YBAZAMAAxqNmZ9ffdV575zk1rWCo6S6U:BDzMAsXV5m16Co
                                                                                                                                                                                          MD5:1A2B3A04973DADE71E963BF4460967BF
                                                                                                                                                                                          SHA1:7F24D5C7FE8EA8533432DD9801B50173658ED496
                                                                                                                                                                                          SHA-256:9378B20C9413D9B2A870F146F7A151576670DFD61498A71943AF3AB4A99DA44C
                                                                                                                                                                                          SHA-512:D42E051D2D19264ED961747283595518E3F21346362FCFED9A5D37683FDDDBF043D10B3710AB80FE41011FC0F59AA9A9F38F95B46D67DEF2194F842EE9726FBD
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):581278
                                                                                                                                                                                          Entropy (8bit):5.629069008321948
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:IWud1ph8fFsuRQ28cq39V3yNDtVF6w+HT7c49bkSZub3v5OycNpEX95gosryEAYm:qJFnF7HTw4Okmv5UEN5KyUZhm
                                                                                                                                                                                          MD5:40066BB6E0592D9892B5C3B09EF19934
                                                                                                                                                                                          SHA1:2DAAA058A3DF0CE9C480E241EE6D535CCE801B39
                                                                                                                                                                                          SHA-256:0D2AB7309266FD3C16C3CFC80AF4EF6D1D5FA6F3B9B9DF11A7FF7B9C683F04F8
                                                                                                                                                                                          SHA-512:83B950285CD13779272FE7BB77F1A299AD872B9569C06A91423F782F3A45AC07965CF5BF32FC503B8E393D4FB73674F359A0462C1315F39F905415DBE4B32875
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1328122
                                                                                                                                                                                          Entropy (8bit):4.28570037951358
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:VAZnI3A2cMmsbbAxeIAxbFDqxn9mMD1UM6DdP6h+4rWZ3elhV5047dCBs/fa3jWp:WI3z5fkUZ3eB5047gs/C3E
                                                                                                                                                                                          MD5:6D9AED906CDB7F873A68D6CBEE8E9B8C
                                                                                                                                                                                          SHA1:6B823616FF775214B39947C10EC24F57A7C80265
                                                                                                                                                                                          SHA-256:EB3B3898B2774ACDD4701E8F689A6F1F0037FF8E00443990992E1F23B3342831
                                                                                                                                                                                          SHA-512:B2ADCCD595F9AEF333BA6BEFCCCBB401371659FDED1443E9ADA3A19477686E995FD7A06A670747D0522FA031449106C1C8AC1FF5A158E11B44A27DD86006F89B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1093518
                                                                                                                                                                                          Entropy (8bit):4.316650086169052
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:X7N3wwLpfU4zI/OhM0faJqGHi/ZN8853pj6PF:rpMNB0faJqUihNR53pj6PF
                                                                                                                                                                                          MD5:B05DA3E44EC560BBCB731CC7FDCDFF1A
                                                                                                                                                                                          SHA1:B99910347E6512E4E3ED2134FF673ECE441F38C2
                                                                                                                                                                                          SHA-256:AB8BDA8C04759A737797978EF1AC7D070116E340BDEA977A62C10176453B8B57
                                                                                                                                                                                          SHA-512:EF7CE42A913D5F57D059CEB9170767CB650BBE176906204D8C8002268210AA09FA008C9186EFD48A2320094972BE286DCFE70271236D1B9D71FF2BDF41F37FFC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):498590
                                                                                                                                                                                          Entropy (8bit):5.2545072995804
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:jB+BJOsHx/eSTsewuZnhasxijClMlU0WsUcSc5oo/LOM6QlE0T:V+BV/JfnRxiPlUxg5bKMT
                                                                                                                                                                                          MD5:2CB91327F761143E84A1B5B5D3065E96
                                                                                                                                                                                          SHA1:AB43F2FC30C27D968A48A0422EEA56BFA7B77623
                                                                                                                                                                                          SHA-256:241F8F0FCD42B5A0081A95564541311D6BDBECB1639671181C151DD34DAB055B
                                                                                                                                                                                          SHA-512:3EEAE835F4E9F51D5D0475CC7E0027E9504A7ED2A65C2B0D452771FDF87EF1861C706194F3D44C7966FAC3A875B12F1534E66AB2471D70EC95277EC5356DF9BC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):485305
                                                                                                                                                                                          Entropy (8bit):5.427430274456003
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:Y2OH60YwXEAS3e5hzahx3zwOp7fjB9ghm4C9/e8G5yV4VVzhhdCrQjWj:LOgkVch1zwOp7fjBcqW8G5yV4V9OQjWj
                                                                                                                                                                                          MD5:6902EE821D9669DCD5A4217B3EB2257E
                                                                                                                                                                                          SHA1:97A9EF051A83A56F3DE3A01503E6F4C06702E5C1
                                                                                                                                                                                          SHA-256:B88FAA8B9A24EFEFA383AA8F75330C279FCEDD5766B05E5B4FD0ABFA6C9D9623
                                                                                                                                                                                          SHA-512:1AEDB4AA16C616DE8CA132424D3ADC3308AB01C9DABBA950072B51746CB2F820BB1804979397D4ECEE8B6B6ED60F3058FC516CDCB590CA7DA1EB130DF68B382A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):499939
                                                                                                                                                                                          Entropy (8bit):5.367097595300497
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:3cwm9ullbWusag/P5q9C5stoxFGp3wRQOTn:1m9ullbWust5q9C5sqxFGp3wRzD
                                                                                                                                                                                          MD5:0E4DEB9E17F3D9FEA1FD8FB706E96989
                                                                                                                                                                                          SHA1:31B5BED538C5B8C93E9D1FCDB6CE1EFF1280682C
                                                                                                                                                                                          SHA-256:BFB94507F74535CFCDF7FFC6F9F2988553EB0D1C7FD9B82C6C4EEE03AC1A9C89
                                                                                                                                                                                          SHA-512:C29EE57EC12201D01CE8D47ADFAED10A83E4B69B77726AE071A675F6972DD1F843B1BDE29A504B5968C97EBEFBC60AF2ACAA0BE93D971BB7F9840C65E9142B54
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):560590
                                                                                                                                                                                          Entropy (8bit):5.754015492472574
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:E1CokumWoOB/V4U/FmfQfXU6HAEb9EP3CUd1e3m0UQEmw1Qhisf5eKt4HtzJ:E1CG4+H01Qhd5ud
                                                                                                                                                                                          MD5:75560AD7D60EA2B46A3023817B290E71
                                                                                                                                                                                          SHA1:9E58502C56284BF4EF2CB533283C4F22E1670C47
                                                                                                                                                                                          SHA-256:E88363E98339C09F933A0D73BB9FDE15039E2DC5C47FDECA80CC9E1FF81DA7A8
                                                                                                                                                                                          SHA-512:1EB1BB35B5AF35C9943D1C41EC4A8057AD96B83F7C260AA0A1533EA63DF58D50DFF3C5E3C1FE970CF74785D60AF50EF628E540954D5A736B6E06DF63AC8FA033
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1002118
                                                                                                                                                                                          Entropy (8bit):5.421493602926462
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                          MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                          SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                          SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                          SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):525928
                                                                                                                                                                                          Entropy (8bit):5.4293810403420535
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:1k+umr1MJbNBXBLEsf7gyq/55KJuS00sRhkFYK:du5K5sJfsRKFR
                                                                                                                                                                                          MD5:491724E51087BA846E4A944CCA0814B5
                                                                                                                                                                                          SHA1:9CF9C58C6BA95DC88AF32B68D23511CC9286B190
                                                                                                                                                                                          SHA-256:9B249F2F8FB63E45F7BC6BBA802D2D852BB2F3EB43F83994E79B26D90F667881
                                                                                                                                                                                          SHA-512:49F18BF9EF75BAA4CB01A56C2820ABC909E9B9C213EC1BA4BFDD1337AD9515F0CEAB8E31C89E3749634F841545CE1E7E5BDB854F5273E7A2BAC8ED9147C2A4F0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):528471
                                                                                                                                                                                          Entropy (8bit):5.404523022029093
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:bbsPm2EkN8QlFYF8fieJVJJxham4kR5fVCO5aKEHSRPF:bbx21slO5aKUSRd
                                                                                                                                                                                          MD5:EBE41C9A475C65AA4DA33EB423CBFE79
                                                                                                                                                                                          SHA1:78D07B2E5617DB8D9FFAA03A95138662FAFBC493
                                                                                                                                                                                          SHA-256:284E2E6B7FD6A247F1DDD2860BCF2FB4F4C6ECF34ED68D8F7A8C2049AB61E2CC
                                                                                                                                                                                          SHA-512:3B09F4F54B25AA2209AC8DEBD4D642201AB198956502DF39AD4F39EBF3A0520E5B8874E74EDAC98B41E328FF4875F7EC4039D2B4EABBBAFCF548715CCE4B96B7
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):546764
                                                                                                                                                                                          Entropy (8bit):5.454463666754963
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:vKKk0VgRYLfXSAfTCeVootxZIXPK8XGp5ajoUs2f/fO53:v7kAfXSAm4oojZEi8U5koU/Y3
                                                                                                                                                                                          MD5:28F53F79B903484B19E9058A0185EF62
                                                                                                                                                                                          SHA1:BD557C05F6B3EA55BC346704414872980198BC9D
                                                                                                                                                                                          SHA-256:CD38E5A8A4C3FEDCFCD1DE513BCA330E42BB1F765ED8520F14A9D0CEE05C5014
                                                                                                                                                                                          SHA-512:A0D0EBA1778BE43E5D7DCC469C0C11FFFFB944CDFB13B39E907DBA15A153C8840D499BDDA4706B60FE369036A7AAD77307759F46DAF7D7FA6EC30175026A6A7C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):894248
                                                                                                                                                                                          Entropy (8bit):4.853777212022142
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:fT6txnsfQjRo4Y+7VMh/K69zJ9fx+aAmamqSGsN0zqcnYH8eXN2hPO3j/7rbzvM5:f0eno596E3
                                                                                                                                                                                          MD5:EC048E111E16BB45E5DFAA79E2988B61
                                                                                                                                                                                          SHA1:F3DDD9903C10C8A9813B8E43898CC746C343DD1B
                                                                                                                                                                                          SHA-256:F9DB82DF1F589383B7C69AE86855657D2C129E45D28D88D5EB9C231C7673FD19
                                                                                                                                                                                          SHA-512:775CC311258370519A8F037E55AFDA3F9B2DFEEFC5DC2F5CEE277C114CABB07284080C9686C5B6FB4BFA4BA0D1B381068E81233AB1D376550399AF4E0D62C803
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1002118
                                                                                                                                                                                          Entropy (8bit):5.421493602926462
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                          MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                          SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                          SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                          SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):563868
                                                                                                                                                                                          Entropy (8bit):5.811666883187016
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:4pbEf/qsokgDV+yHih+BD5yTlcLzTlXLPxt9+:+Ef/qsy+yND5fL9ltU
                                                                                                                                                                                          MD5:66268D564F98800BA9089E18FB6FADAB
                                                                                                                                                                                          SHA1:9EC5E96E9387EEA89FF80CF9830941AC5FA39B5D
                                                                                                                                                                                          SHA-256:5608658D3C119F72B3FF286E5242958ACA3B52A49B3A11E1E8E0814A80A816C3
                                                                                                                                                                                          SHA-512:E912049C309E2A50D4FECEFC84D8C7A3C8FF16D1783AE50FDF4A21DF77BEE78287FE46D41D915AA79330252B1453FF73B32E21FAFAD4BBE4A002A647BACC73D1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):541701
                                                                                                                                                                                          Entropy (8bit):5.482723097852039
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:9b6vo8B2XKjcELn5C+cyJHjgMi/fzXlqc:9+voROLn5C+c4i/fzX7
                                                                                                                                                                                          MD5:1DA905D46439A65753AAAC5E0B24CA3D
                                                                                                                                                                                          SHA1:89D9B714965B5E0275E9FED8AA1191B6E598F7A3
                                                                                                                                                                                          SHA-256:9EA136F6A894EB265D82BE30636989977311440B9B88281502BE78B3F853433A
                                                                                                                                                                                          SHA-512:FD5D59FA0975A565083183625D496AD3D4E82361CFFA9A63DD92FC3213A49FE44FAEF778C88643F8DCFDEE900893EF739DF94C378232ADB18E4F68538E6F8036
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):831714
                                                                                                                                                                                          Entropy (8bit):4.786121688044425
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:EW7T2A7Ey2LYheWId1OShdEudPNRaIA1ID5f01KxVxz8/8W37ZjejM/k/u:EWHDS8mD5lxLS
                                                                                                                                                                                          MD5:049129712BD8F949525470590E78FD55
                                                                                                                                                                                          SHA1:E4E8CEE1D2B3907BE2F87982D5746748E7631B6D
                                                                                                                                                                                          SHA-256:9E5FE2354ED58CDBC1EC6251FEED967643B6E251CD05B83EA05C87A958A29937
                                                                                                                                                                                          SHA-512:11F3C9CBB29CF798D570A2546133A7888277A2B9D6DAADF2225CCFF0681F2976A2A7E334AE52246DBFB48D1EEBB4CA9312B45965269C022D854C145C2241D4B7
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):488477
                                                                                                                                                                                          Entropy (8bit):5.539514294311883
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:gyxFxoU7x5t18Owzfn/lAFKxwucsX9n4RFcnqS83G6iMZSOwDE/xWcqVJ5iJu5Cp:gyxrgxzCFfI5j5Cxv
                                                                                                                                                                                          MD5:CA76995C98ABCF4B3CCB278E17BE90B4
                                                                                                                                                                                          SHA1:33B67943BB2FCA6179C25188A9AC65C77A0BF405
                                                                                                                                                                                          SHA-256:84CD72BEA2768AE658E8CB625EC042CECC221E2B4CB028B44979B5E4F603C88D
                                                                                                                                                                                          SHA-512:4104625E8ED872FA900ACD5DCE242AD368116A7B663451DA7586CE7C172652F37AA3A4D1EBB08460998795215539CE19FACD3C21169585E3B72AB60725D4B5F5
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1002118
                                                                                                                                                                                          Entropy (8bit):5.421493602926462
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                          MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                          SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                          SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                          SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):513900
                                                                                                                                                                                          Entropy (8bit):5.344746054879102
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:cpIXyATLXIuOcoW5ruCERdSUrbQBDFY6DDJ8cZgL6529b9uyO6IKPe/Br2tfj:ccyZo5S3
                                                                                                                                                                                          MD5:556EB2D19EF88DEAB234ACC582CD59D8
                                                                                                                                                                                          SHA1:21E5866D6DEC80D7A7299D7D79A14C5EA0C099E4
                                                                                                                                                                                          SHA-256:F37FB8280F36C1188EB52B20E87321FC90ADF667EAEECBA99D7987836DE26892
                                                                                                                                                                                          SHA-512:4C5BA5F782DBE58649FBC12E23997F2F6C2BAE702A429214597CC063918926322945C7194758AF3A88C50D2CB9A2C8CCD323355040A77B2B538CA5AA0312402F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1320500
                                                                                                                                                                                          Entropy (8bit):4.062774531809682
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:BTvvMOEEaXdfBdmXzhqK5xzotR1cA25tm1vYpiMyk:xMb1BOsK5xzccA25tm1vYpiMyk
                                                                                                                                                                                          MD5:2183EF7EB74F136CD972AEED9FB378CB
                                                                                                                                                                                          SHA1:B63653C504420EF6FEF72C5D5D6E91D9AF9F4D3E
                                                                                                                                                                                          SHA-256:B8C4187C5A096FC5F52E39CEA6561E280387EDFB8C3AF31A8880AE4D282FAC6F
                                                                                                                                                                                          SHA-512:1A1958694555836535CCC1C57F8A0A766A361DEA730FE2713ECF20B0090E74D4E3DAA8456E39ED17E75E939025298BAD422377A5FE2B1A4836AF196F8533A1FC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1219707
                                                                                                                                                                                          Entropy (8bit):4.317060924736985
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:UNne1V7McKNpCrWtFwd49+6gb0tQWp5Bi3p1FwPOiTlC2pCgmNFqPZrO0oXAogQN:UNnsM1o5fMB6
                                                                                                                                                                                          MD5:ADBA9A9C6507AB74F757B72892EE33B7
                                                                                                                                                                                          SHA1:AB9E424C2300A4E81DDB041F2FA1B14F3855E157
                                                                                                                                                                                          SHA-256:B1DB19096C91EC4B496BBA41115C0B98DAA64EA0EB2834DDA3ADAC66F3AB8C29
                                                                                                                                                                                          SHA-512:85A273758EDED695004DDB7926CC0A1AE9604A51EAD202152F2C3DABC96A2FDB780C458BC4AF244BBCC792877901716573262879B2E8A524A015B00A17BA2AAB
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1025905
                                                                                                                                                                                          Entropy (8bit):4.362277360600447
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:SrS1N9LyZYACTBz1L/LLXPX9s0nIJZgv1V5UBu7L3fBj8BlzEdq3Ro9AGdI9uLAJ:+ou5555
                                                                                                                                                                                          MD5:E7A2587CD69D383FA3AB0B5A99AE5287
                                                                                                                                                                                          SHA1:994FBBDA5410D55458F01EE5C6007C8BFB755BBA
                                                                                                                                                                                          SHA-256:73096FA2EB7575FE9702228BA87090872CFE7E8C89CDFD823294ED03DB5EDEF9
                                                                                                                                                                                          SHA-512:698E97F34CCCD6743086A27FF13043B72912804A16364F0EDB5DEFB06151AD179ABA344884A10965A418858BE3A2E7747ECB6ED80476F882A7D3E962FF56869B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1002118
                                                                                                                                                                                          Entropy (8bit):5.421493602926462
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                          MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                          SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                          SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                          SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):524677
                                                                                                                                                                                          Entropy (8bit):5.617230451618925
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:yoQUxBiHzpR9GcvONqVRgrWBguZSz+iCqQJoCN+HG4ngeJ5wB/R+bi1SGedTAM3Z:UUxBQ1zBEq0yG50qHGA5wB/c
                                                                                                                                                                                          MD5:B00E05AE3EBAA5A315872F24BE2DDB6F
                                                                                                                                                                                          SHA1:141160CD3B6A4CEDC2685F347A42FB89ADDE031A
                                                                                                                                                                                          SHA-256:5AD03FAD2C79731396385A5C3EABFA991BB257886935EE015307931C3C58DFF5
                                                                                                                                                                                          SHA-512:A6B6546B14EFE3759CE0A38329F3B5FBE13A73D73E3FD681A9281C0C505B579FA07CFAB5C50E4AE6076257F82F67ACC54CB0B9816ABAA890CA7B3F994E8436C2
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):891860
                                                                                                                                                                                          Entropy (8bit):4.887779263943541
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:xGft5on20SlRfnqz/T0hNai4IEE52B3IjQAMXES/OuOLNiXEqqbLIyz+4uL2uoU:xG15onQSs5YEG
                                                                                                                                                                                          MD5:06133217E0FC480E2F43F74AA132EDD7
                                                                                                                                                                                          SHA1:EB422C32A18A8770CDD4D019B85046A315A6C8CD
                                                                                                                                                                                          SHA-256:2BB2C2E67CE4F62435FCBB4B3D96253AD5F6065BBD4729CFD44E226B965A7984
                                                                                                                                                                                          SHA-512:5311CE90877EEB64F05BA039839424B676F67280783A66CC041E388CFC81371B8D779C11CF9901A6B92678C64A3D71945BA4CCD29599E164E4AC1896EE132C97
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):778961
                                                                                                                                                                                          Entropy (8bit):5.172607429771382
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:JaRqEcN0s8PGmuDltyfHeMK5AQDPEFfWaKxNQYriwadcJKwUUuvco/9NjjFpv0h:Iiwk5qWj
                                                                                                                                                                                          MD5:99169B41D0BD7F9AC47C88F99E33D521
                                                                                                                                                                                          SHA1:FD8AAEF710593F22E969EFB3FF25556F1BCD3E5E
                                                                                                                                                                                          SHA-256:95325A5FC4D46B5BB197751BDEAA600A1A64B55DB798016A853250D9256301B7
                                                                                                                                                                                          SHA-512:41EFF393E31EBE62B23F18184D19FFE9C79A71C29EFF84CDC289293F529C10D016C19CD948ED39E9336A9CA0E0C2A72FF986D29D1A1969DDF5D98888B3669F81
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):620353
                                                                                                                                                                                          Entropy (8bit):5.7924630369242625
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:Ac+gw3uUg+cnwJTroEw/aB1INgsHkL0eetDfL9v2J5WZ8h67InkiNwziMHQQwti4:Ac+gd+cnwJTiaQNgsHg0e4E5u8o7xiN3
                                                                                                                                                                                          MD5:9626571ADD089F7010CFFF6B8C893EB5
                                                                                                                                                                                          SHA1:1A933789FDE207BFF34CE255E7E7212F8FDF273B
                                                                                                                                                                                          SHA-256:D351B4DAF943CE616D66F43A36FDFB390CBF19DF7E729B9D499AF3B16D34C170
                                                                                                                                                                                          SHA-512:C64A41FC359C3CB4D14C14E274FD7FD4B92BE6A7656374B136EB52C7238334F1CAD4F3363A84A9169A84F71A7E4AABF8B1A25D216D5B1D351FF79C4A8FEC7192
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1002118
                                                                                                                                                                                          Entropy (8bit):5.421493602926462
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:HPwCbHEzqTGHhxK7gCBYVExtHnOwkxwkYOjTlz4:vOjTG
                                                                                                                                                                                          MD5:E3BEB49BA64CB7A3AF04BE34B2FB2FF4
                                                                                                                                                                                          SHA1:DDC36967B80FF1062461BF0B691736A9F8F3D57A
                                                                                                                                                                                          SHA-256:E957CDE29B8732CC46E61C98629CBBFAA23333776AE5DB166A2B2169799C8290
                                                                                                                                                                                          SHA-512:9DBC8F89809926E8B19609018F6C82BF9411A8C9690C6EBBCC93F2BFCADD194C27A8220AD581FC60D168AA06AE3D35072BB298A9619E4D6A8664EC6AF6A49FDC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:IDS_ACCESS_CODE_CAST_ACCESS_CODE_MESSAGE,1400,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_BACK,1401,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CAST,1402,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_CONNECT,1403,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_DIALOG_TITLE,1404,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ENTER_CHARACTER,1405,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_ACCESS_CODE,1406,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_DIFFERENT_NETWORK,1407,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_NETWORK,1408,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_PERMISSION,1409,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_ERROR_TOO_MANY_REQUESTS,1410,../../chrome/app\access_code_cast_strings.grdp..IDS_ACCESS_CODE_CAST_E
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):449776
                                                                                                                                                                                          Entropy (8bit):6.685457449005063
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:P1sG8CyOdnkDKzAIa0g7H56+LxCkGDo58WhNyht8g7Lcln:PCGRyOdk2zVad56+LxWo5DhNyht8gM
                                                                                                                                                                                          MD5:968FC657ACB577D184EA0A716AE5B19F
                                                                                                                                                                                          SHA1:ED37D428610D950A5897D9B282A75FD537F178CA
                                                                                                                                                                                          SHA-256:3F774B33B01F86493E7EF1EDEFABC7CF49B58981358438979F32106557C849A6
                                                                                                                                                                                          SHA-512:859083FDF742AC3B3666AA667F4DA228999C988A2AFF23C158735345996C98CA302F0FBFD1190109D9969F45DA150C79240ED93A8ABB926946B899633BF07383
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):447533
                                                                                                                                                                                          Entropy (8bit):6.693705796563921
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:dQezZRtkOt3+JmCEW2RuWgehW25LYIz17fxAy0j7zylk6T7:FzZ8OtAEgehW25LYIzVXm7sv
                                                                                                                                                                                          MD5:756E8E06E626755BBE8E555816729F82
                                                                                                                                                                                          SHA1:74553DFBE30832B1522E7C7FB0ADCA9E2713D710
                                                                                                                                                                                          SHA-256:F397B495DB8F47789774FEB5B8A2FE9970DE2E9F22D280FA508D8602FD1DD4DA
                                                                                                                                                                                          SHA-512:543F9B6C646D6E10A9AAF22CDAEEF2555182481E6A2E292B66DD5FB9F13AAFD67B4FAA2A70DEA1717936482F43FCACEDF1096E0EF6FDA8240A3E93F7F47B85CF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):218275
                                                                                                                                                                                          Entropy (8bit):5.34737925007636
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:uUKt1rxNpyXcsR/H/UxRjh7uHRcdA4SSSLl/sL8:uUKvrxNpyXcsRf/UxRjhwcdAuY
                                                                                                                                                                                          MD5:100F66BE85612F7DD095E0F468497F68
                                                                                                                                                                                          SHA1:6D0B30428726D079AF3DEB3279033C268733DC22
                                                                                                                                                                                          SHA-256:E8472A5C9291C2B46B7BE611EC994D5E37ED9EC1B473E50DFC9A94C9A923CEC2
                                                                                                                                                                                          SHA-512:841A90B6B54FEAF47973990882D9A274B4E9F8E850E21A2B94A41B8FFD501969C77003C19B961D180CB2A0062B7E32A5AA6514FB34ABE8F1BA818795A2B91FBD
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:..mirrors....(function(a,b){."use strict";.var c=a.Array;.var d=a.isNaN;.var e=a.JSON.stringify;.var f=a.Map.prototype.entries;.var g=(new a.Map).entries().next;.var h=(new a.Set).values().next;.var i=a.Set.prototype.values;.var j={.UNDEFINED_TYPE:'undefined',.NULL_TYPE:'null',.BOOLEAN_TYPE:'boolean',.NUMBER_TYPE:'number',.STRING_TYPE:'string',.SYMBOL_TYPE:'symbol',.OBJECT_TYPE:'object',.FUNCTION_TYPE:'function',.REGEXP_TYPE:'regexp',.ERROR_TYPE:'error',.PROPERTY_TYPE:'property',.INTERNAL_PROPERTY_TYPE:'internalProperty',.FRAME_TYPE:'frame',.SCRIPT_TYPE:'script',.CONTEXT_TYPE:'context',.SCOPE_TYPE:'scope',.PROMISE_TYPE:'promise',.MAP_TYPE:'map',.SET_TYPE:'set',.ITERATOR_TYPE:'iterator',.GENERATOR_TYPE:'generator',.}.function MakeMirror(k){.var l;.if((k===(void 0))){.l=new UndefinedMirror();.}else if((k===null)){.l=new NullMirror();.}else if((typeof(k)==='boolean')){.l=new BooleanMirror(k);.}else if((typeof(k)==='number')){.l=new NumberMirror(k);.}else if((typeof(k)==='string')){.l=new
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):18201088
                                                                                                                                                                                          Entropy (8bit):6.4932256115450375
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:196608:OClFgvw8eWv14jYkndNx/YDB3vOz0hGxxC:OogvwjWN4LdNWDpvOz0EfC
                                                                                                                                                                                          MD5:D75452669E917D4EB4701F8AAFFCC99F
                                                                                                                                                                                          SHA1:2FC81479CA44F3D28B58E231C3798E06AA06AF23
                                                                                                                                                                                          SHA-256:B77F8A9FFCB43FF98A7E8F44ADCB80D20D074FE2552F6DF753EDD711698B21F9
                                                                                                                                                                                          SHA-512:4C3737F697DA8A0D80255AF1A515F2E5FA6BE27643FA7B24A51577F3D42CD9B636527B69E2C1947C0DC6D62504B6EC38BE0DF5AD1048584BB628E66443C4209F
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):208823296
                                                                                                                                                                                          Entropy (8bit):6.697368222848026
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1572864:UtAt+kI758sDa3FD2Ps+hvUzVxi2c0ewtV4DZEFJpHNZZu4XgAijI2Mf3vW4Rl:ArS5VeZwMlw3zl
                                                                                                                                                                                          MD5:E364CDA0087825F70EF0332E2BE65379
                                                                                                                                                                                          SHA1:BA9FC41CDDCCB576F022D34C003E86736EF5BF62
                                                                                                                                                                                          SHA-256:F924FEB13C23A57529054107D2412F16EDF8A31DAC7E8AA6E36EAF86C6A47A7D
                                                                                                                                                                                          SHA-512:C471264CDCFBB0AB7BE89DA58498C2BA86184917B623C262581212654B0D6549663212A148A5A92FE1342201FD4E9B77CD0478ABE013FA817A0BDC7A9EEF4280
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2337112
                                                                                                                                                                                          Entropy (8bit):6.448273621618817
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:49152:9W3aFEhyflDCQ6n85K353JCJ9f98Tplhpgh:owrGjG8Tpmh
                                                                                                                                                                                          MD5:D6644E8A0C3C48607EC424BAE0FEB47E
                                                                                                                                                                                          SHA1:C041EFB63894032BE1B8E517B8CBB45454CCF330
                                                                                                                                                                                          SHA-256:221027FD7E324A31614FDA2DAC69E3B9AF082895FF7C45B6C19D42AA27592DA3
                                                                                                                                                                                          SHA-512:D689575C7F1430BF0B92AAF50A757F7C9E3DD5E8AF71DACF0911EA484DB79460369455F91B2F480B0F224FE7D0C0199AFD9DB98B65FBA3F3BC3FF430838C5C04
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):682477
                                                                                                                                                                                          Entropy (8bit):7.963912396307454
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:7PI3H1fJKjzgsz5B0GDJQrnKs8SNP+QSsSilRBdNz10Vc+gIXsbXoO0TehEr2:83VBK7zEEmPLSOdNz105gUyXoO0TO5
                                                                                                                                                                                          MD5:93D58EFB8C31214A57515A2AE1D2FD30
                                                                                                                                                                                          SHA1:64DB5C74C4FD45BF77E33425C1D1E844D245C535
                                                                                                                                                                                          SHA-256:835E6B02123D59FC73D43F8286ED77E8B7C3963D739C45B81D3AE8E59E60BFC7
                                                                                                                                                                                          SHA-512:435C4F5404D7EF4402E7A91ED7C8FB486C361B0BA39F09E066BEB3FFE1EE4FDFB2AB28F994494232A781F19696649646AD2A54499F8B6D10C34F823AD319CC1F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1068808
                                                                                                                                                                                          Entropy (8bit):7.952701382598292
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:k3zBH5zLmmibkFR8+mZRUumegvQt805Uwvd6Wvpbae6edhOLoP4:k3B53mNbkFRJmHURhQC05Jvd64jrOB
                                                                                                                                                                                          MD5:7B96F3A7FF47C8E46BA847FCAAD26D33
                                                                                                                                                                                          SHA1:F9B5A958E29CE039F03C775B889FC974B65481E2
                                                                                                                                                                                          SHA-256:94AFE21E06F098CA7B7C3DC432355503536973D1C377B4D202AB64BCFDE5133A
                                                                                                                                                                                          SHA-512:FD606264D1B7786A85C901D5A7B851D74F248903B66F0384E947A82E25655D8C8FC081D12BDD6136A366DC214FB15D39A86CDBCA540427BB3C60AECE268AFE3F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1131520
                                                                                                                                                                                          Entropy (8bit):6.536561027180539
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:KVQ+6Nq2vF73pppDh8oLG9UTlcPwaKD1CK+D3SJ3NVTRmcIMI+nk/owl+GlBfG:KVQDNqyB7zLG9qD1CrDQHNmcMzl+6l
                                                                                                                                                                                          MD5:7509D69C2896E7B903398DA350B42C8A
                                                                                                                                                                                          SHA1:6BB535EA3728933A6AA9162950CFC44328E4D347
                                                                                                                                                                                          SHA-256:BBAF4E0D60D4362E23671301E9ABA75252B1059CD6E1DCF6AD0ACCEC5E115152
                                                                                                                                                                                          SHA-512:438CEFEC05E62904A8F2F304607EA4E9AB691793F8950EA2FF12B3740B5BF172F29EC40F17921D4DA8A09590BBA01889D81DA8315EA6585076C0B758D9E6A1BE
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4775861
                                                                                                                                                                                          Entropy (8bit):7.994874833136889
                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                          SSDEEP:98304:KwNkpHyVBJvC85FhbtlvmZEroQRkx3DglVb9ftvoZEMTDEFkddpGh1f5G:y1yVvv9rBChobltvoZEMkFnhl4
                                                                                                                                                                                          MD5:43735A475FA2486E49C34D1AD8F57DF5
                                                                                                                                                                                          SHA1:2A987D18F63AC0E686BFBA8E992757BEB1D9F5CA
                                                                                                                                                                                          SHA-256:4F10CA74584E91BE68D0FB50DB1F96F5D636CDE11F6770870F3C6C8D97C7D7D8
                                                                                                                                                                                          SHA-512:60BBEB46A2AEE635B8FC676F5A17F32EC0DEFFE6362C6ED239AB5CF97CFAFBAB011BFAE37AC19C3DA0729E90CADCDDAFB8244C69176E08B83637C5350AF78D93
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1198536
                                                                                                                                                                                          Entropy (8bit):6.0724872991141385
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:HbztrVZr3DoSHdbPOzwxxkNrBhw63E2Lf0Nyi6kJcMcOTN2I0vFi90o1:HbztX3DFA8orXF02Lf0NpJgU1mFi90o1
                                                                                                                                                                                          MD5:1BD6EACB823E1A4C5F17516B45C85CE7
                                                                                                                                                                                          SHA1:2693FB26D0ACEEA5001C6C8A4B5FE4B0C1735E33
                                                                                                                                                                                          SHA-256:34F17BC88B07D6F0C205153E8C85629915EA93EBBF0F82E4C173E292BF3BDB08
                                                                                                                                                                                          SHA-512:EC72E7E70EA361FFADE06E4324267243CC9907932A8797FCACBA1510745DA521F06365D3D6E48F8753AECAC51530F79D33EE6BADEDEDDE0980E7349E495C4348
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):107520
                                                                                                                                                                                          Entropy (8bit):6.3572540880058
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:wB0bzVn8icEY9OkFwaMZsDV4AcVrvsoEX4vpTb/sW9cdS8h5TQ0y4oVPYT:wyt8pEiDV701vJaSKq4o1Y
                                                                                                                                                                                          MD5:973BCAD92FB7B30AB5A7A2F35E2EEB24
                                                                                                                                                                                          SHA1:594477D5FF4626B2CA72E485DFAF53CE8BDF497E
                                                                                                                                                                                          SHA-256:750CBA685EE7B85E87D4843F3AD9C549CB22E6FF90247373823CDA16DB7E2141
                                                                                                                                                                                          SHA-512:144C362423CE4D5C3F6A45FAB4E9DED409F06764E5497B5D03E67EB51C5860F38DDE631553D6EF6468C0FBDFAFA7B4B474C2AC913F57C6AEC81665BDA1375536
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2013184
                                                                                                                                                                                          Entropy (8bit):6.726531618207793
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:49152:pIcO8JVs8rBf5ACKu43D6YMu+46+/imfywoMuF5P3Rv:pFO8JHBfIN3D6YF+ItywoZd
                                                                                                                                                                                          MD5:1196BE50E7F9F56901865C0CFA76CA3E
                                                                                                                                                                                          SHA1:5384443AB344DBBF558E0CFC155CBACE89121871
                                                                                                                                                                                          SHA-256:2389E02AAB2A20D1067F4E6AC9D0E1961B99B64AA539A967842B3F60AF450365
                                                                                                                                                                                          SHA-512:E9954D974E70F56E3FDAB4F1A3341F9A960E3D8BA4FFC26F26D1E0562F38E75FAF1627AF81E143E3DD25ABC780FFB4C37F339B6783637EA414B4AE485EB3D609
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):647441
                                                                                                                                                                                          Entropy (8bit):5.091753770132809
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:yuJR9fWrgHbhaM1IW0mh3pXWz3WUUML5DSlGkMeiWxDhU04jh1qH:BJH3swIsdWz39Uc52lGkHiWA04jh1C
                                                                                                                                                                                          MD5:E59FAEDF525C663FDE4C6BCD3C77920A
                                                                                                                                                                                          SHA1:6388193081D87AE3FA2FCD546790D2D9C4C4E006
                                                                                                                                                                                          SHA-256:83A73E2B5A458B394ABA65A3F9ABA0FC1FBD9520D07858A2C1E8AB8CCDB5C7DA
                                                                                                                                                                                          SHA-512:F65B02E0CD828F93B76E0DD8E68CAC1563102798B1FE820D801DD67ED3E02FC2902106C9E60E0DF96E11DDB3EABD2AC30DBF5D23D8F47085A755F299FAAC69FF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4491776
                                                                                                                                                                                          Entropy (8bit):6.299524374544543
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:49152:KU82lTQcFMkjVGWalGA0GmK3jrmz5xbQ87uhvMxqyF2k2gwUIukCN/ET8CPhmQJF:u+TJXIfw05PhLJVS0Dy
                                                                                                                                                                                          MD5:5A3011F59AD6ACEDA78A8F42BA7CFA1E
                                                                                                                                                                                          SHA1:CE61A5ACAAFBF7464D9A26DB762F9F661E6E9AAC
                                                                                                                                                                                          SHA-256:39612549C82C10B8A8E8072F2FAF17354D8CCCD3EEBA1D5FDA9C50FF547FFE5D
                                                                                                                                                                                          SHA-512:16E9CBBA44FB14E0E27FC872DE51E501DFFE79CC39B3386BCEC28F6DB874CB84606848E5C1E67322486FE29960DBD514FBF505AF8C94CCCD54126AB873A33AA7
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):106
                                                                                                                                                                                          Entropy (8bit):4.724752649036734
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:YD96WyV18tzsmyXLVi1rTVWSCwW2TJHzeZ18rY:Y8WyV18tAZLVmCwXFiZ18rY
                                                                                                                                                                                          MD5:8642DD3A87E2DE6E991FAE08458E302B
                                                                                                                                                                                          SHA1:9C06735C31CEC00600FD763A92F8112D085BD12A
                                                                                                                                                                                          SHA-256:32D83FF113FEF532A9F97E0D2831F8656628AB1C99E9060F0332B1532839AFD9
                                                                                                                                                                                          SHA-512:F5D37D1B45B006161E4CEFEEBBA1E33AF879A3A51D16EE3FF8C3968C0C36BBAFAE379BF9124C13310B77774C9CBB4FA53114E83F5B48B5314132736E5BB4496F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"file_format_version": "1.0.0", "ICD": {"library_path": ".\\vk_swiftshader.dll", "api_version": "1.0.5"}}
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):913408
                                                                                                                                                                                          Entropy (8bit):6.578192683971118
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:VkLGO/wBlPes+ERBTmqQRw6Z5WdDYsH26g3P0zAk7JeAy0:SLGQwBlOEDTVUw6Z5WdDYsH26g3P0zAC
                                                                                                                                                                                          MD5:2DB0026C9329B1FAF58971CF1AC51A6C
                                                                                                                                                                                          SHA1:E7E043AD9FEB2086B4EAD78A661C376DE596E4D3
                                                                                                                                                                                          SHA-256:E471E4E0A5635D2E5F6E1E5778016D0E5E169BC61AA32E5D380EBCD2502FC103
                                                                                                                                                                                          SHA-512:AD1E66450CCBF49BBAF7632BB7B9C201D2BB0E53CF2594DACFDA439545BB07AA2A085D188654E8E057D3AE0C1D682D3523942D9492D3C1F2D74BCE8BF378D7E6
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):6853
                                                                                                                                                                                          Entropy (8bit):4.906654635893315
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:FCe48Am0EzM0x8n3PwMEoSX7kb5XBm8xtn6M5Ly63zD2ii8VNJ:FU8KnIMEovbZBmgTlyalJ
                                                                                                                                                                                          MD5:7F411D49C20EDFD7499ACE24A5997712
                                                                                                                                                                                          SHA1:B7C99C7B37BC5C87F3B483695FEE7961D628F28E
                                                                                                                                                                                          SHA-256:004613F14315671B3A95CF4D4051E76D351EEB6E528B83E66B92001B55878966
                                                                                                                                                                                          SHA-512:6A5C9C07E60622ACB0D34F15C688C14D64A86F5C5E58282CA2C36092B615E7BB3C9DDFC1F511B54F7FE21F5271D0514D81EF1474D4CA1500B7A5085B609AE691
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:/*! normalize.css v8.0.1 | MIT License | github.com/necolas/normalize.css */..../* Document.. ========================================================================== */..../**.. * 1. Correct the line height in all browsers... * 2. Prevent adjustments of font size after orientation changes in iOS... */....html {.. line-height: 1.15; /* 1 */.. -webkit-text-size-adjust: 100%; /* 2 */..}..../* Sections.. ========================================================================== */..../**.. * Remove the margin in all browsers... */....body {.. margin: 0;..}..../**.. * Render the `main` element consistently in IE... */....main {.. display: block;..}..../**.. * Correct the font size and margin on `h1` elements within `section` and.. * `article` contexts in Chrome, Firefox, and Safari... */....h1 {.. font-size: 2em;.. margin: 0.67em 0;..}..../* Grouping content.. ========================================================================== */..../**.. * 1. Add the correct box sizin
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1141
                                                                                                                                                                                          Entropy (8bit):4.796651326134806
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:U6CbfLhXJJWg1MrPv4OvvlpHcvB20TtZjcRATa0NQURtCG+ATb1:U6CPYcMrPv4OHlZc1pa0dC4B
                                                                                                                                                                                          MD5:3542FE11A1F6A9EB80B0B5E2FC62403F
                                                                                                                                                                                          SHA1:992A33E44668060CDA7CDDB97E3D1CF7471DC0EC
                                                                                                                                                                                          SHA-256:AB8A7E29866641FF26C8381EDF708018F8216BED00E5AD9D00372DFA5208A655
                                                                                                                                                                                          SHA-512:2F9764E6A5567FD83F56F03F7DFA008849596400D025AD07FCA17EF462B6659685D7D61DC4AAC9E7452F8DC6B6F92C39E3BD6C4050078BDAD127649EFD9B841C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:body {.. -webkit-touch-callout: none;.. -webkit-user-select: none;.. -khtml-user-select: none;.. -moz-user-select: none;.. -ms-user-select: none;.. user-select: none;.. font-family: Inter;.. font-size: 14px;.. cursor: default;.. color: #b9c2ca;.. line-height: 20px;.. border-radius: 8px;.. display: none;.. position: relative;.. display: flex;.. align-items: center;.. padding: 0 20px;..}.....notification-background {.. position: absolute;.. left: 0px;.. top: 0px;.. bottom: 0px;.. right: 0px;.. background: url("../images/notification-bg.png");.. opacity: 0.8;.. z-index: 0;..}.....fast-icon {.. width: 32px;.. height: 32px;.. margin-right: 20px;.. z-index: 10;..}.....notification-message {.. z-index: 10;..}.....notification-message__title {.. color: #fff;.. font-weight: 600;.. line-height: 1.42;..}.....notification-close-icon {.. position: absolute;.. right: 8px;.. top: 8px;.. font-size: 10px;.. cursor: pointer;.. opacity: 0.6;.. transition: opacity 0
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):19383
                                                                                                                                                                                          Entropy (8bit):5.0112385565785615
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:4y+M+EZw+b9bRzp+zZxxnnLu+cn8n6Nc/XXAMzZP3QJAMohke0:fvRVTIC
                                                                                                                                                                                          MD5:9034B3CE5E94B3499142950852967953
                                                                                                                                                                                          SHA1:D84E6823F56629AA19223390A4A8732F3550C3A7
                                                                                                                                                                                          SHA-256:292893A9DC657720BBDEA183DC8A0C3589F3F0A5350EC4B46C9450B430E799F1
                                                                                                                                                                                          SHA-512:5535B3E232301FFB3F0985D735EE7E3887150611D5314A63E78AAA46935F8AF4B04ED3A9F98821B32F444142F5B4EE3E5C68962A9D88494788ADF60C283122AB
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:body {.. -webkit-touch-callout: none;.. -webkit-user-select: none;.. -khtml-user-select: none;.. -moz-user-select: none;.. -ms-user-select: none;.. user-select: none;.... color: #fff;.. font-family: Inter;.. font-size: 22px;.. cursor: default;.. background: url("../images/app-background.png");..}.....minimize-button {.. cursor: pointer;.. position: absolute;.. right: 42px;.. top: 0;.. width: 42px;.. height: 10px;.. padding: 15px;.. display: flex;.. justify-content: center;.. align-items: center;..}.....close-button {.. cursor: pointer;.. position: absolute;.. right: 0;.. top: 0;.. width: 42px;.. height: 10px;.. padding: 15px;.. display: flex;.. justify-content: center;.. align-items: center;..}.....payment-modal {.. position: fixed;.. z-index: 99;.. top: 32px;.. width: 776px;.. left: 184px;.. transition: opacity 0.3s ease-in-out;.. height: calc(100% - 32px);.. overflow: auto;..}.....payment-modal__frame {.. display: block;.. position: absolute;.
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):230
                                                                                                                                                                                          Entropy (8bit):5.02646206733417
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<svg width="15" height="12" viewBox="0 0 15 12" fill="none" xmlns="http://www.w3.org/2000/svg">..<path d="M2.5 6H13.5M6 1.5L1.5 6L6 10.5" stroke="white" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>..</svg>..
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):613
                                                                                                                                                                                          Entropy (8bit):4.689989765201426
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">..<path fill-rule="evenodd" clip-rule="evenodd" d="M4 0C1.79086 0 0 1.79086 0 4V20C0 22.2091 1.79086 24 4 24H20C22.2091 24 24 22.2091 24 20V4C24 1.79086 22.2091 0 20 0H4ZM17.5496 9.01034C17.8314 8.70681 17.8139 8.23226 17.5103 7.95041C17.2068 7.66855 16.7323 7.68613 16.4504 7.98966L10.4341 14.4688L7.98014 12.4238C7.66193 12.1587 7.18901 12.2017 6.92383 12.5199C6.65866 12.8381 6.70165 13.311 7.01986 13.5762L10.0199 16.0762C10.3261 16.3313 10.7784 16.3024 11.0496 16.0103L17.5496 9.01034Z" fill="#1BEAB7"/>..</svg>..
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):205
                                                                                                                                                                                          Entropy (8bit):4.913102574106915
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect x="0.75" y="0.75" width="22.5" height="22.5" rx="3.25" stroke="#1BEAB7" stroke-width="1.5"/>..</svg>..
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):203
                                                                                                                                                                                          Entropy (8bit):4.80726810597501
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<svg width="24" height="24" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">..<rect x="0.75" y="0.75" width="22.5" height="22.5" rx="3.25" stroke="white" stroke-width="1.5"/>..</svg>..
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):37918
                                                                                                                                                                                          Entropy (8bit):6.013092765511404
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<svg width="55" height="55" viewBox="0 0 55 55" fill="none" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><mask id="a" style="mask-type:alpha" maskUnits="userSpaceOnUse" x="0" y="0" width="55" height="55"><path fill="#D9D9D9" d="M0 0h55v55H0z"/></mask><g mask="url(#a)"><path fill="url(#pattern0)" d="M0 0h171v55H0z"/></g><defs><pattern id="pattern0" patternContentUnits="objectBoundingBox" width="1" height="1"><use xlink:href="#image0_729_108" transform="matrix(.00092 0 0 .00287 -.004 0)"/></pattern><image id="image0_729_108" width="1090" height="348" xlink:href="data:image/png;base64,
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):212
                                                                                                                                                                                          Entropy (8bit):5.000455669184287
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">..<path d="M3.5 3.5L12.5 12.5M12.5 3.5L3.5 12.5" stroke="white" stroke-width="1.5" stroke-linecap="round"/>..</svg>..
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):187
                                                                                                                                                                                          Entropy (8bit):5.002130422255309
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<svg width="16" height="16" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">..<path d="M3.5 8H12.5" stroke="white" stroke-width="1.5" stroke-linecap="round"/>..</svg>..
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9537
                                                                                                                                                                                          Entropy (8bit):4.043358010957342
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<svg width="226" height="70" viewBox="0 0 226 70" fill="none" xmlns="http://www.w3.org/2000/svg">..<path d="M14.5019 55.3051C16.7827 57.5785 19.8198 58.5437 22.525 58.1327C22.1485 58.907 21.601 59.6796 20.8482 60.43C16.817 64.448 8.41064 66.3325 6.14523 64.0745C6.07166 64.0011 6.00151 63.9227 5.93478 63.8425C5.85436 63.776 5.77736 63.7078 5.70207 63.6328C3.43666 61.3748 5.32736 52.996 9.35856 48.978C10.1114 48.2276 10.8865 47.6818 11.6633 47.3066C11.2527 50.0046 12.2211 53.0318 14.5019 55.3051Z" fill="#EFC75E"/>..<path d="M23.1806 55.8205C23.107 56.5794 22.9034 57.3537 22.5253 58.128C19.8201 58.539 16.7831 57.5737 14.5022 55.3004C12.2214 53.027 11.253 49.9999 11.6653 47.3036C12.4422 46.9284 13.219 46.7237 13.9804 46.6504C15.2106 48.864 16.8874 50.6565 18.0236 51.7906C19.1597 52.923 20.958 54.596 23.1806 55.8205Z" fill="#DEB957"/>..<path d="M51.9224 2.79346C60.2465 -0.27462 67.3781 -0.702684 69.0378 0.958409C70.7061 2.61268 70.2749 9.72264 67.1968 18.0179C63.8243 17.3715 60.3116 15.5262
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:SVG Scalable Vector Graphics image
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9531
                                                                                                                                                                                          Entropy (8bit):4.041601214334172
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<svg width="72" height="16" viewBox="0 0 72 16" fill="none" xmlns="http://www.w3.org/2000/svg">..<path d="M3.32135 12.6412C3.84359 13.1608 4.53899 13.3815 5.15838 13.2875C5.07219 13.4645 4.94682 13.6411 4.77444 13.8126C3.85142 14.731 1.92663 15.1617 1.40792 14.6456C1.39108 14.6288 1.37501 14.6109 1.35973 14.5926C1.34132 14.5774 1.32369 14.5618 1.30645 14.5447C0.787742 14.0285 1.22065 12.1134 2.14368 11.195C2.31606 11.0235 2.49353 10.8987 2.6714 10.813C2.57737 11.4297 2.79911 12.1216 3.32135 12.6412Z" fill="#EFC75E"/>..<path d="M5.30823 12.7591C5.29139 12.9326 5.24477 13.1095 5.15819 13.2865C4.53879 13.3805 3.84339 13.1598 3.32115 12.6402C2.79892 12.1206 2.57717 11.4287 2.67159 10.8124C2.84946 10.7266 3.02732 10.6798 3.20166 10.6631C3.48335 11.1691 3.86729 11.5788 4.12743 11.838C4.38756 12.0968 4.79932 12.4792 5.30823 12.7591Z" fill="#DEB957"/>..<path d="M11.8887 0.6385C13.7947 -0.0627699 15.4276 -0.160612 15.8076 0.219064C16.1896 0.59718 16.0908 2.2223 15.386 4.11834C14.6139 3.97061 13
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PNG image data, 752 x 234, 8-bit colormap, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):124639
                                                                                                                                                                                          Entropy (8bit):7.993546703761157
                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                          SSDEEP:3072:YJRNqHmDSDJmO/+PDRZX6oZflaJLhzk69IM9ZLEIAS:YmRJmw+P1XB4JdVfZ5AS
                                                                                                                                                                                          MD5:A1C5834B41BBDFDF959DF270B33D8FFD
                                                                                                                                                                                          SHA1:5906AE25339C0EC35264105660B47E87B83F7E32
                                                                                                                                                                                          SHA-256:541A681493FF21E1A7A5304F35B6D70066E61C8DAF4CDDF6593CAA1C7CB314A8
                                                                                                                                                                                          SHA-512:C875675CAAF2C670435743914FF0A2FC63B40DF8DC528B5406756DF3965FF08FC955D7372B58ECF5284B0A56129BA78A7B9712D7035D13A52DB33C8DAE636575
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PNG image data, 752 x 234, 8-bit colormap, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):120361
                                                                                                                                                                                          Entropy (8bit):7.995404470094665
                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                          SSDEEP:3072:jT3A70ikgjMxNgnfoXtOZfXV/q3Hu95JfncXTZnOZ:P3A7/v9q3OFfnmTUZ
                                                                                                                                                                                          MD5:C0A3BE92E716577C030C17351D61D5E0
                                                                                                                                                                                          SHA1:E3DDC18476AF21603C4F57C68388331582110C88
                                                                                                                                                                                          SHA-256:708EEC6AD0FCD4A29AAF0735A95C9F430799FD987233DAB57B4A977082044A50
                                                                                                                                                                                          SHA-512:90AC70BDCFB2D001825BBB9669836BF4E20EC12F62622ED66610C1C28959AE992738C2351FC434B71AD998F3735EF3418CAD6BC97D1044AA1E318312AE4835E2
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PNG image data, 752 x 234, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10157
                                                                                                                                                                                          Entropy (8bit):7.8506241639495125
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:cSOFgDFFfgr+5kWeL7qx+2kQbfWpSYygjaznbnlC:bOFgDG7qnkO+p2ZzblC
                                                                                                                                                                                          MD5:98C6AE0575B67BFD77234E6C6575A600
                                                                                                                                                                                          SHA1:189FE975CC0FA5E86C482AC98E8C1D21EB45D4DD
                                                                                                                                                                                          SHA-256:C6E796CDC1A3B1EF5F502B448908E4F417E1C30ACE33BAD8D3A7965FF057BA2B
                                                                                                                                                                                          SHA-512:F49984E05B156D49BE2CC2E42401BDFD5D68D4CB087C46E3EF4FC3DFE9801CC63AB5B09C57253D071C9A718D0B02B3D2461F81CBA5FF58309D0F63591828A8EA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PNG image data, 960 x 460, 8-bit colormap, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):137078
                                                                                                                                                                                          Entropy (8bit):7.992746522595616
                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                          SSDEEP:3072:t/QJJeh1hS0ox3Ig92kPG3p06LBBFw3qhnrgTmrIN35thVBxSV2UG:toJ9/2kPEttBF8yn0i433hVBxcxG
                                                                                                                                                                                          MD5:766CC7738A10FD5A781B29E7F4833DFB
                                                                                                                                                                                          SHA1:6857FE0096F0AEC0ADB9C6DC1B1E67A772D5FB56
                                                                                                                                                                                          SHA-256:03A96804ACC65961D5971B0AB657F1C8C1C0913C98797432B8AE4B7F04D1199B
                                                                                                                                                                                          SHA-512:ACD5C8E6E9022003749D39B5E01A6AFD517849F20C503804CD0906736F591245FDDAFA2A112D07F5F6BB5AE6609331DD9B1B1B0AD81291FD332DB025F18770B6
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PNG image data, 752 x 72, 8-bit colormap, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):38895
                                                                                                                                                                                          Entropy (8bit):7.990964332764873
                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                          SSDEEP:768:7EEV8zrd0Vxva568aPuv3YNMb1CqmN3Z47IUXLxGEtktbeXFuHOFWfX:4EV8z50VK6lPDN4fo3Z47IMxjt+mgOE
                                                                                                                                                                                          MD5:AB76A537C3578459C3D3EC3D29282568
                                                                                                                                                                                          SHA1:113BB81C77EE8418F7D480D5BAFC09A5BCD282C4
                                                                                                                                                                                          SHA-256:63861B20F7E492D4AB33EB10D3E8CCC092119B40ADB42A357564376909BD9F86
                                                                                                                                                                                          SHA-512:A81F561240D52AFF0C4C80DC93C5927FF3AE3A1D7743DD5ED2F4F58E9CF3E88B3713B24422D339D2085B3AB48C36B48CE230B708AB9E7AEB7984A2DFB3479CA4
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PNG image data, 400 x 156, 8-bit colormap, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):47284
                                                                                                                                                                                          Entropy (8bit):7.992295195519726
                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                          SSDEEP:768:KigAZH6A8l6Je8DWJw8DKdKZqs0FXYUQyJmcHTbww9xIL3SO+/Uut7bhyhCNWnKF:KHAG+e8DWJQds0ytMVTbww9yL3uUE0h0
                                                                                                                                                                                          MD5:D4D248C630BF6A7D53263F4B36A48471
                                                                                                                                                                                          SHA1:0B00E36DE2739223F89FF841CFC0FDE451571D0E
                                                                                                                                                                                          SHA-256:E408DDD3F15A91230029DF9C2ED3A740665CF430409F80545F2489344CA16033
                                                                                                                                                                                          SHA-512:F5EF3C59B1C0B19486D78E788CD13E399F027110E30F1CB1B532A852EDF9DAAEE0B2A63D74B5BF920EF8E74BB522F7E16DA05CA6CA367681B7296E64C609A2C0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):675
                                                                                                                                                                                          Entropy (8bit):7.606800268124855
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12:6v/7i6gX7dGD3+zoCQDrqUw2QUp9RKG3VvJN1xOJ24wLTYqp2agcmitQ9:78DOsCQ/PQoRB3VhN1k24wfYqp2avVa9
                                                                                                                                                                                          MD5:8D1ED092B3BE364DC47574F1310D2C87
                                                                                                                                                                                          SHA1:D5BBA623B5AFB4C5B6C0AD5ED04A10F1881DA595
                                                                                                                                                                                          SHA-256:07B61E98466A1F851D5DCF555AD9B901684EE622275129B98C38DA3785506FF2
                                                                                                                                                                                          SHA-512:70134A9B5B786473A56F11BA7098CA6AF568EEF97AA8704A9748A5EFDFC4F16CEE1F9C22CEA9F55660BE4FEB14D6C1B5B09A7C76076D4F813A58FECF27BB8828
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PNG image data, 140 x 140, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16079
                                                                                                                                                                                          Entropy (8bit):7.981372985145839
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:xA+u6DdSFEXls8p/jxpiDqUpFGeuwOFoFWpFx9gcli:M6hed8pbCWUeet+oFWbHli
                                                                                                                                                                                          MD5:7E979DD87735C3E8E6436055DF0DB11D
                                                                                                                                                                                          SHA1:73880AA036F89B21C3635824C19B2D7D155FD152
                                                                                                                                                                                          SHA-256:C50E6F6205E523777B9B21C18389835B80D78D476EAFA45C4583D55DA29BCBD7
                                                                                                                                                                                          SHA-512:2D391111A7E529003C3BEC89FA432425EAB52BEACD4B118C096774CA36BB088BBA2207108BB91C667F2A71B649E47FB22B54C39B03D3125415ED18E80E089171
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PNG image data, 752 x 144, 8-bit colormap, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):77494
                                                                                                                                                                                          Entropy (8bit):7.989935683068594
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:5orVvtWlHsKIY3V9rQMID3fMOXEFmeZsJnkZCGgjjzkvAiuPonM2tvvPr:SrBtWlMLYl9rAfeFmRyoGgnzGAiuwnvj
                                                                                                                                                                                          MD5:76D093B4423DEF770AC9B17FA09079B4
                                                                                                                                                                                          SHA1:A932B9979DB7558B87BF1357163D66C67D3715B1
                                                                                                                                                                                          SHA-256:A5A875F2103586E2752F369AF0F0A952E813B6EA126DB979499A5EE63A86F92C
                                                                                                                                                                                          SHA-512:1A8F8C24C10DF561CE8A176E129AE70DACC0496AD4449A39535382830EA9D7A097AD3530605CA7A292A492F3255DA709B3A05495AF7F77C62557CD29048A2EEE
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PNG image data, 960 x 32, 8-bit colormap, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):23158
                                                                                                                                                                                          Entropy (8bit):7.987660913924122
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:R9QtLDgZNSzlDy60WRCmBcyXYL3lxKlaYxb6iptbyRwP4GeW/ZH19DhzH9EdrVFm:R9mvgZNSzlWq6yi3lqacWO1lH/DDHerm
                                                                                                                                                                                          MD5:D1EC70E94F9AEE5BDF38A8319333FFFC
                                                                                                                                                                                          SHA1:048EDACB842649F3733B2E25691833673E78BF20
                                                                                                                                                                                          SHA-256:358FB10480C694BD6A7927142523177F4D08CD00FDF6DC52E7C9F556978279E8
                                                                                                                                                                                          SHA-512:86E6662F5271246AD1BBAD5EBB40AB289840E25E59FFE166295B0A359AD9EB24C95E25C93ECC14ED6287D4D07EB43BCCDE7C600F40D1CAEC01E61446ECEE4EE9
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PNG image data, 136 x 72, 8-bit colormap, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):7168
                                                                                                                                                                                          Entropy (8bit):7.957106214340995
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:uSdZk/acEQK68qnA2He+86KoVMNStmPRZ7vDCjvX:RdGHQ68qnA2HefoVMNStCRN+
                                                                                                                                                                                          MD5:BF98C8F6317811293D2498DE535C670F
                                                                                                                                                                                          SHA1:D931644EAFA5B12B7BD51157FED34F11E07A7EDD
                                                                                                                                                                                          SHA-256:163F1DA77DB7AE6EC07CEE4EE7B843413528B50B46DBCA2D7AC6CE83C20DAEAC
                                                                                                                                                                                          SHA-512:6EF9AE7AA55A6215FBC16796A56129B21F8A7E0B02018945E3652E68D521D73491FCAC79D5CDEB9A8DB612F2CAAAC33B6E0E64FD4B694A341F472B84A3006BAA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PNG image data, 400 x 217, 8-bit colormap, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):63218
                                                                                                                                                                                          Entropy (8bit):7.993724807343349
                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                          SSDEEP:1536:qIkf+DRZpmLeAKhWjv4L+KZYFQ9qsgwLztqfH4rd:DkmVZwHKSSjo8LzyYrd
                                                                                                                                                                                          MD5:A5A3A48E0B94E1BDF81894A1203A7BD3
                                                                                                                                                                                          SHA1:783E0BDBB971FD1A02EA657D7A6BF3C5DBB50840
                                                                                                                                                                                          SHA-256:1622F7811B0CA5D0379D469591F34B21EA608B373694E6CAEB6BC4D09798F572
                                                                                                                                                                                          SHA-512:D339A48A3066218310F63C74081A14A305E19842B61B9274EB4458ED913E9273D01290AA4DE7E441BCB99F7B9629DEAB38039B603A697B9F70078DE64A36E1FD
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PNG image data, 300 x 100, 8-bit colormap, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):23754
                                                                                                                                                                                          Entropy (8bit):7.977616690133352
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:SAKXVPaaJdY3k1P83G/E97PiJbDz29/3g0VCYkwf4cbstAm0nvztkrhawrAa:0PPJdYCU2Yi929IoCYkwf4cbstARn7SL
                                                                                                                                                                                          MD5:EE69EEAA3081737C265C6FBC33F18E1E
                                                                                                                                                                                          SHA1:AF52B5D1F260C4728E167053DAD9942546740FF1
                                                                                                                                                                                          SHA-256:2FB4C28144A26E65774BCE9A4A3B02CAB126955D8AB3BB14FAEE56A1D589F7E0
                                                                                                                                                                                          SHA-512:7195EEB0D1F953E6DF38D308DED0689A88946FF37089BA29F00800C4D8D3230FE992821FC8C00C2EA143B42F15FCCF33A28E082A339A33C6CFAA910A4B740254
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PNG image data, 502 x 72, 8-bit colormap, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):29330
                                                                                                                                                                                          Entropy (8bit):7.986523289723094
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:VWpf3WLNxkl0wGlOL9oroJIiqWJp2/CG1pBC/LKm2sbtm9nig:CGLNuRK8JI9iKxfC/f2sbYcg
                                                                                                                                                                                          MD5:1AE0EC6F8DE5ABC507F7064EC41EA91A
                                                                                                                                                                                          SHA1:32D189888035ADACC6F2BB2DD88096169333FE84
                                                                                                                                                                                          SHA-256:3AC6C05579C395F97BB24F7CEAABBAC87571866E75A1018544858A271866412A
                                                                                                                                                                                          SHA-512:3686EE69273BD83C20D347F3E170599DA3E95F4D77E089ACEF7F45053ACC363515DCE440E548BE7DE3BF65EED9DE47B1992BB46E34B7C35A9EFD196E53FDA43B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PNG image data, 136 x 40, 8-bit colormap, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4688
                                                                                                                                                                                          Entropy (8bit):7.905126720832232
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:XSQZz5FLGPxujyOmdkG791J74qud9+rzDCgnPc8uyA3QN:XSQd5YPxqYkG791Nz++rPPcFvY
                                                                                                                                                                                          MD5:EDFE1B7F70B747CD493F4B78AF359A4E
                                                                                                                                                                                          SHA1:EDD7C16A95887D6386C8E5506DEAB73B3369E6B2
                                                                                                                                                                                          SHA-256:2B1D5194E67E75F345CC075CCDE481820F2C18B0B334AE9A9F3738AF48272546
                                                                                                                                                                                          SHA-512:98EF34DFC8AA682D432F669887F05B7572CD4ED2FAB0173EDADC3620F647F481374456A1EE369438459F30B90DFBACAB662F61FBF2FB571BC85B71C893CBC41B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PNG image data, 234 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):15170
                                                                                                                                                                                          Entropy (8bit):7.974008973310119
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:rSegJw3ghJ2Qw87alXymlsJ0icxD0cywvhsquGe3JaxGYycue6JJTuUu5WLnm9+p:eeg2s2k7Y7pRi33QxGNcuQcmAAzpi
                                                                                                                                                                                          MD5:3A68EAA813D8B88003A75BB5B39B060D
                                                                                                                                                                                          SHA1:48BE8FB1BA0C579D2F70D683AC0956908F06842B
                                                                                                                                                                                          SHA-256:BBED46E1C8181073645DD9658489768C3CF78FAAB9425E73FB0917EC78CC825E
                                                                                                                                                                                          SHA-512:37F1AD48FFA0E4EFEFAD09AC7674D4D10A882BE124FC9277B118CED5FF855C25B71A7CBC83B0B5FF2D3FB6B466D5CC625D84FFDDBD01342AC951877F947DDEE1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:HTML document, ASCII text, with very long lines (2539), with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):40747
                                                                                                                                                                                          Entropy (8bit):4.3561175921167985
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:7ybuPBuGgJDt53vHqg8WxXdNT11knQ8d4hUJj:wsBZInz8WxXdp9POj
                                                                                                                                                                                          MD5:CDFCD66D38E31EF02FF595EEEF696345
                                                                                                                                                                                          SHA1:86D22B920A79C86C9B96B9341C81A3450B33295D
                                                                                                                                                                                          SHA-256:68FD65B97E55483229FCA1ACD39B26E1443A9CB4BD4B3496A22F933339A666BF
                                                                                                                                                                                          SHA-512:A8ADC934BD910566F7D8F69CDB49C5F2D386E4213BDB813C8C0313F775E2355BD3E4256A0E51420EB1140FA6AFD7AEF335879CE16D0851BC93D46754C42B4DAB
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<html>.. <head>.. <link href="css/normalize.css" rel="stylesheet" />.. <link href="css/style.css" rel="stylesheet" />.. <link.. href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600&display=swap".. rel="stylesheet".. />.. </head>.... placeholders for future start screen video -->.. <video.. id="fastvid".. style=".. display: none;.. position: fixed;.. top: 0;.. bottom: 0;.. left: 220px;.. right: 0;.. z-index: 0;.. ".. width="100%".. height="100%".. xloop.. nocontrols.. xautoplay.. >.. <source src="vid/fast.webm" type="video/ogg" />.. </video> -->.... <body>.. <div class="modals-overlay visually-hidden" id="modalsOverlay"></div>.... <div id="payment_modal" class="payment-modal visually-hidden">.. <div class="payment-modal__frame">.. <div class="payment-modal__content" id="payment_modal_content"></div>.. </div>.. </div>.... <div class="close-app-mod
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):3273
                                                                                                                                                                                          Entropy (8bit):5.034717990635706
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:DV4RZjWSioewxpVIGZkv2WLxjdhjdnjaik+wT4dMM0xjRTZdzSqhONnsNo1N8N:R4RZ3ewfiGGVjPjtMsdMxjRTHSqhQ/Y
                                                                                                                                                                                          MD5:9E4D0298EF2264E5C2EB1CEA2C58A588
                                                                                                                                                                                          SHA1:31DF6D3F5999B6D721AC60EF2952CC1197D4B3CB
                                                                                                                                                                                          SHA-256:6BF81AFE7430BEA7D61A75E758B6B8F0032C49353E16605463BA5FF0816D7DFC
                                                                                                                                                                                          SHA-512:1555EA05CDB101E904EA3B361A71BE840794140BC1720C3EE8611BE01EE3E397447CCFC826F54EABD43C49930F9021C2A5D563573D2DAC7995CC1F943AF64BBA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:const gui = require("nw.gui");..const win = gui.Window.get();....let bClosing = false;..const queryParams = getQueryParams(window.location.search);....const SELECTORS = {.. body: document.body,.. notifyTitle: document.querySelector("#notifyTitle"),.. notifyText: document.querySelector("#notifyText"),.. notifyClose: document.querySelector("#notifyClose"),..};....const notificationTitle = queryParams["title"];..const notificationText = queryParams["txt"];....win.x = screen.availWidth - win.width;..win.y = screen.availHeight - win.height;..win.setAlwaysOnTop(true);..win.show();....setNotificationData();..preventFileDrop();..preventImageDragging();..activatePageListeners();..fadeIn(SELECTORS.body);....function getQueryParams(qs) {.. qs = qs.split("+").join(" ");.... const params = {};.. let tokens;.. const re = /[?&]?([^=]+)=([^&]*)/g;.... while ((tokens = re.exec(qs))) {.. params[decodeURIComponent(tokens[1])] = decodeURIComponent(tokens[2]);.. }.... return params;..}....fun
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):64624
                                                                                                                                                                                          Entropy (8bit):6.172635925166225
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:0fretdKE4VT/8ke7Ju9F2JvNSIcI/AK+i:MLB8agpNSIFYK+i
                                                                                                                                                                                          MD5:B10D548BDD97E7EB4143B7D47188F875
                                                                                                                                                                                          SHA1:49AE390A8196D3AAF8ED8C09071BD03FFE9279DC
                                                                                                                                                                                          SHA-256:6BC16EA3DA0B0B347813A7BC3A88D78D77209B323FC884FCA52A9758CFB29128
                                                                                                                                                                                          SHA-512:E75E44328FCAC41D364573A3CF501897093E307A4C12FFA1A230886B06796023328FCE6B0F348EEA2A5092183C9ACA0FDA082F7F5066FA44D86FF0AB572A39EE
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:......S%......5.b].P............,T.....`.....1.L`.......L`.....,T.8.`......L`......"....Re...W....\\u[\dA-F]{4}....,T.T.`b.... L`.........r....2...."....Rb:.o.....\\u.I.....Ke&........<.8.p...;.3....o8...........!...-....!...-....y........_.........c.....^.........(Sb...........I`....Da.U..RV.....Sb.`......d.....Rbn.c.....gui..M...Rcb.......https.....Rb.2M....net...Rcj.9v....bClosing..Rc.xSY....bRunning..ReF.......bFirstMinimize....Rc..-.....bExpired. Rfb..m....bInExpiredSetting.....Rd.b=.....bEnterKey.....Re........bInActiveSetting..RcrV.m....bTrial....Rer.{.....bShowInterests....Rdb`......fast_UUID.....Rd........fast_Version..Rd........bFirstError.. Rfrf.S....bFirstStartReport.....Re2RD.....fast_urlPixel....(Rh..#O....usedApplicationForSurveyCnt...Rd>?.q....bMinimized....Rc.|......vGauges...Re........minGaugesChange...Re.F.E....maxGaugesChange...Re^.......bShowPrediction...Rdzf......bLoadingDone..Rd.~Y.....bFirstStart...Re~.Hq....bNotifyShowing...$Rgv......prevActivationSuccess..
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):45
                                                                                                                                                                                          Entropy (8bit):4.461530252405225
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:+BKSLDrbIoMLNLQJlWsren:+Dn4oRVre
                                                                                                                                                                                          MD5:FE10063F4A895C45C6F50E4B031A7B7E
                                                                                                                                                                                          SHA1:6B2E8F116DBDD03A7AD19C0C156C0C3824AA1AD4
                                                                                                                                                                                          SHA-256:FE3E5FDBC7265A8463D2AB98D7066DF486717A760501CBCFB3E8EBD7478CCAA5
                                                                                                                                                                                          SHA-512:36A8EA42F7D35192DF68246520A7F91946A8E7DCF3747112C6FB2DBB9159F2DC31AF527BC0A66772EE379E08C3036E16D6B191DC34AE0B3D324BC42F83EA32FD
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:nw.Window.get().evalNWBin(null, 'js/ui.bin');
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):728
                                                                                                                                                                                          Entropy (8bit):4.71398599337068
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12:5+yDRCNffyDnofUI2NwznbqAbDEEfI1WsBlb8A9o5AT8xRpNouRiFlTBhn1jVMbu:5TWfIou6bqkEZD8Aa5ATbVMq
                                                                                                                                                                                          MD5:F8C5A6B15445FEE35C9FE2BD008BF9F7
                                                                                                                                                                                          SHA1:1972A0B9993E74563D31C346B330B0DAE2F6B53F
                                                                                                                                                                                          SHA-256:290E440283F05688880A737A7914689B788647A5A7CA9DC5AE8221A32F627C33
                                                                                                                                                                                          SHA-512:A988F76832D18BC4B8A1E63BBDBE6A0665657C8DD8A0F3415D0C2CEBDA5CB31C178A31150A462BF43F6A36AE2FBDEB19D283E25347D7AB9F443954064BDC863C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<html>.. <head>.. <link href="css/notification.css" rel="stylesheet" />.. <link href="css/normalize.css" rel="stylesheet" />.. <link.. href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600&display=swap".. rel="stylesheet".. />.. </head>.... <body>.. <div class="notification-background"></div>.. <img src="icons/fast.svg" class="fast-icon" />.. <img.. src="icons/icon-close.svg".. id="notifyClose".. class="notification-close-icon".. />.. <div class="notification-message">.. <span id="notifyTitle" class="notification-message__title"></span>.. <span id="notifyText"> </span>.. </div>.. </body>.... <script src="js/notify.js"></script>..</html>..
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):339
                                                                                                                                                                                          Entropy (8bit):4.504668979187309
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6:3HWLGbc65cCRvFNKM1G1Jt/BoFkSH4xIr0HFKvFQ/uNjDIqONUVFyvNMukI9c8DP:VQ65cCRv+1Jt/PSYxI4HUUTNUu+ukI9H
                                                                                                                                                                                          MD5:D0408667A024FE29169D7E1C262F6494
                                                                                                                                                                                          SHA1:E120E7E1F8E8C693588500474B8F7F835006EBEF
                                                                                                                                                                                          SHA-256:CA445644916F41B112A7B7F375F996C9C918CF085061533ED141FEEF466294D7
                                                                                                                                                                                          SHA-512:3798D788F661420A8DCD24B7B124A9E61C235A81755E7518EB3159C21664C37ED98054DCE75DAFA224B264CAF991455F13AB54B1DD7213C89839D42A3A2BDB25
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{.. "name": "FAST!",.. "main": "index.html",.. "window": {.. "title": "FAST!",.. "icon": "images/fast.png",.. "toolbar": false,.. "width": 960,.. "height": 460,.. "show": false,.. "resizable": false,.. "frame": false,.. "show_in_taskbar": false,.. "always_on_top": true,.. "position": "center".. }..}..
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):478629
                                                                                                                                                                                          Entropy (8bit):7.908880957557781
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:NbE/HUAVynxpO573XXh0lR+ALK7tYMCu3SmZTf438ZtjCUfNcGP5CZ8uAIq6CSnF:NbcA/O5HR03nKx/K8j2C/PgAI6A1sA5
                                                                                                                                                                                          MD5:2E5238FEEBEDC51991E906DA9A14E16A
                                                                                                                                                                                          SHA1:EDFB5738C14F6BDFDF86EE0E17A0876C971881F6
                                                                                                                                                                                          SHA-256:4C4ED8B69558B565F3B6181A70677379FA86FF869170D2EDF2BD519F1162638B
                                                                                                                                                                                          SHA-512:CC775B22192F6026866BB1C57056F87729944A9EA31CD8DD151D07AF8A48CDDDB6CD7487B6B545CD0177697D24126E7AA204E214594588950F6FA7DF61EE0C14
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1310720
                                                                                                                                                                                          Entropy (8bit):1.3316067460633234
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvr5N:KooCEYhgYEL0InN22Xr22XBz
                                                                                                                                                                                          MD5:66B6498A5D195E08F83F91D213E01207
                                                                                                                                                                                          SHA1:B4A4B0CBAC6C099FC158C3D68E99689572BD4232
                                                                                                                                                                                          SHA-256:A421ABAC1D7F8980AE0CB20DDA91031F8FF5F4FC0EBC9F6283CE3F609A8701C6
                                                                                                                                                                                          SHA-512:02352EB76F98CE34FEECBE9B162352CB7F9D6FDAB1E3CB011E7AAAB9F0232D98F3059496C2663410BE77C7A3128C217586DD6022890986F3D4DA4A3D60448940
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:Extensible storage engine DataBase, version 0x620, checksum 0x512e4e66, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1310720
                                                                                                                                                                                          Entropy (8bit):0.42216086603737024
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:pSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:paza/vMUM2Uvz7DO
                                                                                                                                                                                          MD5:0DCCF07E2D56124A431D251CA244A8DD
                                                                                                                                                                                          SHA1:7F486A14B57D9166BF1AE11D9D1B26088A2844E5
                                                                                                                                                                                          SHA-256:AEAB1FF74E365AFF0FF1123CE6D54D3F61939816B430070B043E4124FE288550
                                                                                                                                                                                          SHA-512:9920D4B8C00E10224F47F2745A488A2EF6051D7B349562B1F19ED5A81F0CBE117017BE1D04675A7F514262BCDA0DE9DD244F3E08B1C34EC4C8C051F003ADA871
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                                          Entropy (8bit):0.07710859733589415
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:AilEYeoFsMlu5ejjn13a/WwhXllillcVO/lnlZMxZNQl:AzasMluAj53qWwhOOewk
                                                                                                                                                                                          MD5:1A21DA9A0331AF40886C8BFC2FDC04C4
                                                                                                                                                                                          SHA1:AF68E33E1345C0169A2AB180DA7D52B982E7D32A
                                                                                                                                                                                          SHA-256:CEB63378315D261C4EB258A8715584CB4838709E4767C299DB8DD2030AED6CDC
                                                                                                                                                                                          SHA-512:7915D972EC29D71C7DC61C8BADFFB718BC0A5C726FC18949EABD8BF0EC513D5BE12BA86C5C717DDB7C1B0251BE912DEB0415DDE9EC837C8C6009FA29BAC82884
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:OpenPGP Public Key
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):65552
                                                                                                                                                                                          Entropy (8bit):0.01264908944072593
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Lsz/n/lGlll/l/lXp9ZjrPBY0dlel/xP:A/0dPBY0en
                                                                                                                                                                                          MD5:54262A239DB56D6BCDC2744665C45DFB
                                                                                                                                                                                          SHA1:ADA2EBBC43D9F40E39C56B59109F8F0300420E2B
                                                                                                                                                                                          SHA-256:A2B836A1A83F728F673055A347582C76B428622FEEFAA8EF9B7C7687B7951643
                                                                                                                                                                                          SHA-512:FBB0CFF0D8275C7A74C11BA21B31E13116F6F7D5851465CF1C62CF745CA79D97B0DF5874994AE985A1F3995D295359B9FEF84C05B0DDDDB4095802896E219233
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:R:R
                                                                                                                                                                                          MD5:F49655F856ACB8884CC0ACE29216F511
                                                                                                                                                                                          SHA1:CB0F1F87EC0455EC349AAA950C600475AC7B7B6B
                                                                                                                                                                                          SHA-256:7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
                                                                                                                                                                                          SHA-512:599E93D25B174524495ED29653052B3590133096404873318F05FD68F4C9A5C9A3B30574551141FBB73D7329D6BE342699A17F3AE84554BAB784776DFDA2D5F8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:EERF
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:Matlab v4 mat-file (little endian) (, numeric, rows 0, columns 16, imaginary
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                                          Entropy (8bit):0.022887861931192723
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:9llVllbd2DJqojSbloIlrJFlXnpQj6j7lPIcldattPllaia9sVQMm6En:A9q0SbdlrYOj7Kc6tr2Hrn
                                                                                                                                                                                          MD5:5B10FFE874290E3C601E367472021364
                                                                                                                                                                                          SHA1:A7B798EE76BA72C540A63DA5C62B83DE9C875C6F
                                                                                                                                                                                          SHA-256:03F9839970194B2FE29FD7EEC12746A92984E18FA45FEBD4C441FDA54CE99F44
                                                                                                                                                                                          SHA-512:16AA71100D7D9448AB88A3F4743249A989245F1228349C6128C84C8D7F654FC33474CB256ADDEFF59C4212FCF78D1109827880376C095F6DBBF57924CC5E07E7
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):131033904
                                                                                                                                                                                          Entropy (8bit):7.997763079224339
                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                          SSDEEP:3145728:lWm4EkXPikhk8/f6smzMPLgQrY0Z/oE7e39wWrUd2Ym8y7rzGqAQPi:/wXP5lQcLgKBBq3Yd2YmV7rzGzQPi
                                                                                                                                                                                          MD5:599BAD8E7D2363415B86A08F4ACD243A
                                                                                                                                                                                          SHA1:930C91815F9B3BC9DD3C9E876F37425A3094074E
                                                                                                                                                                                          SHA-256:57814315C08CF3C65A3FE12E3474B6EA4254305237B7BB44B181524A4E18DA08
                                                                                                                                                                                          SHA-512:296FF0A02AF1EFF378EC421FB3E4090FB4834956C738F40AE1AF540B3E8A323511953435E6D0EFDB49571B68974D1464BDC8E10E50D2A9E8261B7431E9CA93EE
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):144688
                                                                                                                                                                                          Entropy (8bit):6.667845757025275
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:FC41CABDD3C18079985AC5F648F58A90
                                                                                                                                                                                          SHA1:51A619DDCB3661AA8675C2D7483840AC4F991746
                                                                                                                                                                                          SHA-256:FA159F50E67FB5829F0F2511E25111C719411E6B6152FEA97F3A296264C7D7A4
                                                                                                                                                                                          SHA-512:691090B54CE52D7E8BCFFF2711ADE7A6A8BB21B409358D7BFFC2053A53C116C7C22896F21BA36945A54F094D963CD9361A132D2E165365FE287C02F3C60356ED
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:modified
                                                                                                                                                                                          Size (bytes):2636
                                                                                                                                                                                          Entropy (8bit):5.19317620957231
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:EBC1D82D8CA3925D08131289492DDD47
                                                                                                                                                                                          SHA1:51C6B220EB780827A6BA36E69E639C2B8378C9E4
                                                                                                                                                                                          SHA-256:03DCAD9EDB8CA98A8B5ACA609D81779B025205D949C60AA6B96A528CCF6794AA
                                                                                                                                                                                          SHA-512:4BA786CC0500385B110DD7D50AB83D667E829254A6B78FF0C7AF6A0A3FE2ED87C3F120243C08AABF5499252C177B5FB4A1E2B8D8ED2961DBAC6F820C36969D33
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:<Results>..<System>..<ComputerName>367706</ComputerName>..<Tool>..<Version>2.0.17a</Version>..<VersionDate>2016/5/01</VersionDate>..</Tool>..<RunTime>2024/03/06 09:35:37 GMT</RunTime>..<ProcessorTopology>..<Group Group="0" MaximumProcessors="2" ActiveProcessors="2" ActiveProcessorMask="0x3"/>..</ProcessorTopology>..</System>..<Profile>..<Progress>0</Progress>..<ResultFormat>xml</ResultFormat>..<Verbose>false</Verbose>..<TimeSpans>..<TimeSpan>..<CompletionRoutines>false</CompletionRoutines>..<MeasureLatency>false</MeasureLatency>..<CalculateIopsStdDev>false</CalculateIopsStdDev>..<DisableAffinity>false</DisableAffinity>..<Duration>10</Duration>..<Warmup>5</Warmup>..<Cooldown>0</Cooldown>..<ThreadCount>0</ThreadCount>..<IoBucketDuration>1000</IoBucketDuration>..<RandSeed>0</RandSeed>..<Targets>..<Target>..<Path>C:\Users\user\AppData\Local\FAST!\Temp\testfile.temp</Path>..<BlockSize>4096</BlockSize>..<BaseFileOffset>0</BaseFileOffset>..<SequentialScan>false</SequentialScan>..<RandomAcces
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):42
                                                                                                                                                                                          Entropy (8bit):2.9881439641616536
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                          SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                          SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                          SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:GIF89a.............!.......,...........D.;
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):42
                                                                                                                                                                                          Entropy (8bit):2.9881439641616536
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                          SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                          SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                          SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:GIF89a.............!.......,...........D.;
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:GIF image data, version 89a, 1 x 1
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):42
                                                                                                                                                                                          Entropy (8bit):2.9881439641616536
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:D89746888DA2D9510B64A9F031EAECD5
                                                                                                                                                                                          SHA1:D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
                                                                                                                                                                                          SHA-256:EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
                                                                                                                                                                                          SHA-512:D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:GIF89a.............!.......,...........D.;
                                                                                                                                                                                          Process:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1624
                                                                                                                                                                                          Entropy (8bit):5.240077537870134
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:F5E4D5DCDB7E682EA88753220FE75C09
                                                                                                                                                                                          SHA1:04A217DE872037BF57EBA5AC5659E4873190B527
                                                                                                                                                                                          SHA-256:420023B4C7CA043DC19272FAC8E7A681C4D53ECEFE3778390AD88DE926C60DB0
                                                                                                                                                                                          SHA-512:7E81BC7A40AB5D8D3B76A0DE9FE3C30F03128AA148FD163167D79A1191D4976E8144C675E379F0C62488BB3132F9EE890ACE677589861F03D83339FFA51F2B92
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"system_stats":{"os_name":"Microsoft+Windows+10+Pro","os_installdate":"20231003095718%2E000000%2B060","os_processes":"113","os_architecture":"64-bit","os_virtmem":"8387636","os_mem":"4193332","cpu_name":"Intel%28R%29+Core%28TM%292+CPU+6600+%40+2%2E40+GHz","cpu_maxclock":"2000","cpu_cores":"4","cpu_logicalproc":"1","pc_vendor":"VMware%2C+Inc%2E","pc_version":"None","gpu_name":"F6VE865R","gpu_ram":"0","gpu_bitsperpixel":"32","gpu_x":"1280","gpu_y":"1024","disk_name":"SPAC_PX8+SCSI+Disk+Device","disk_size":"412300001200","sec_as":"","sec_av":"Windows+Defender","sec_fw":"","bios_releasedate":"20221121000000%2E000000%2B000"},"pcapps":{"0":"7-Zip+23%2E01+%28x64%29","1":"Mozilla+Firefox+%28x64+en-US%29","2":"Mozilla+Maintenance+Service","3":"Microsoft+Office+Professional+Plus+2019+-+en-us","4":"Microsoft+Visual+C%2B%2B+2022+X64+Additional+Runtime+-+14%2E36%2E32532","5":"Office+16+Click-to-Run+Licensing+Component","6":"Office+16+Click-to-Run+Extensibility+Component+64-bit+Registration","7":"A
                                                                                                                                                                                          Process:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):121
                                                                                                                                                                                          Entropy (8bit):4.227223605095569
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:2C557FC464D7BA0CCE6D80FD9546472A
                                                                                                                                                                                          SHA1:1745E349309C42952FFBF137655747D62CA8011F
                                                                                                                                                                                          SHA-256:70B85AA31DFF4A75A70413198BED863DCF59D400076FD29163F805475ACAE5E4
                                                                                                                                                                                          SHA-512:8EB39318EC6BCA0BBD360D4EA73C06550E568E52793A4925ADB0EF88C5085B400892A8A4AA0AD502E13571066DF3607BAED754F968301A48E99E46522E8C049F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"cpg":"default","inst_excl":{"eula":"skipped"},"inst_addon":{"eula":"skipped"},"inst_path":{"show":true,"startup":true}}
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):39
                                                                                                                                                                                          Entropy (8bit):2.3650627250719287
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:49ADCDCFE913E5F4782EDDB2EA401444
                                                                                                                                                                                          SHA1:5A7829CFC2530E14ABAF1AF159A625F948C08F36
                                                                                                                                                                                          SHA-256:FBF17A834BD29FB6EDD8B59E0C47FDB7E15F047BE3C4568FCABCEF0B9C8B4129
                                                                                                                                                                                          SHA-512:8D6F25C6697A9FBD458773FFAB15916718BE57333ADB9B168300A59D37EFC8F02F589CCBFAFECA0F15BF7D4494496C5A1052AF8DF69870D0C81ABB4C1FA4C699
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:1,2,64,1,0,0,2,5,256,1,1,1,1,2,64,1,0,0
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):104857600
                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:2F282B84E7E608D5852449ED940BFC51
                                                                                                                                                                                          SHA1:2C2CECCB5EC5574F791D45B63C940CFF20550F9A
                                                                                                                                                                                          SHA-256:20492A4D0D84F8BEB1767F6616229F85D44C2827B64BDBFB260EE12FA1109E0E
                                                                                                                                                                                          SHA-512:2798503C2C7B718799324122137BF30A562AAD1BC04BBF343DAAD225A5FD0D1FD5D269843A01AB00D4F8D8C5AB34F8956065F9831EF7459E9C487E895099E956
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2734
                                                                                                                                                                                          Entropy (8bit):5.6279607994082825
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:30F5FA97B7FA5DF42CA7BAC6E824C2BC
                                                                                                                                                                                          SHA1:B424F4863D0B1C2172BFA218A67FA6CA66DB4405
                                                                                                                                                                                          SHA-256:96E0DD3D3F1C1E124DEBB478F966A0EC75D61D65D9E7E3EC068BF2C535D5C6F8
                                                                                                                                                                                          SHA-512:F1289FDB6A6EE6D6C0DA2A4688E40220FD02DDF4F26AD95989B7A440FF2C840D76A9F4B97B89F0F1FCF06CBBA19241E25F906258E8DBCBDCA60C2319768E1B54
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"browser":{"shortcut_migration_version":"119.0.6045.105"},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAJYRA9pLwDT7iDNtlqbB1yEAAAAAoAAABuAHcAagBzAAAAEGYAAAABAAAgAAAAWi14sVgplo+TelYnRkbNAN8yOAFbbz/fgimu9kXZN1IAAAAADoAAAAACAAAgAAAAn+91OdxI3/8f7JZTBrGrWYkIf5X0ZydnJPJD1EVr6PcwAAAAK8ui2Y77wfrzYQHNh15Uw4894M8ZdvLW01znjg0xumv12eTP68qTYLK2q7HjfWdEQAAAAPCOlmvykw7At/2fPRUfEamWqj78b207cPfjiDkNTnFS5r/wuqpHZmlSX9qpw5+d5GMsjppcWVwkwQXc1Ei8CUE="},"policy":{"last_statistics_update":"13354191360744692"},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"force_signin_profile_locked":false,"gaia_id":"","is_consented_primary_account":false,"is_ephemeral":false,"is_using_default_avatar":true,"is_using_default_name":true,"managed_user_i
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):866
                                                                                                                                                                                          Entropy (8bit):5.692462672816023
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:C3E6F38C88677C5ED6F2309E06E55D00
                                                                                                                                                                                          SHA1:6066CFE4A70E16FC869B0FEB3619ADBD70A7DE0D
                                                                                                                                                                                          SHA-256:64BB21B995C7D26036B02A281280C8D3D8C9638A919F02215EBBA6CE91B84AEC
                                                                                                                                                                                          SHA-512:4DF9DF9DAB2362A7A278CE37C76BA2C7330953AD94460CF0B4393FB03EF26EB509FC30D57DA18E1A630EF87C6BA3298B67767E9BEDA425C756BB79C5CEE8875A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAJYRA9pLwDT7iDNtlqbB1yEAAAAAoAAABuAHcAagBzAAAAEGYAAAABAAAgAAAAWi14sVgplo+TelYnRkbNAN8yOAFbbz/fgimu9kXZN1IAAAAADoAAAAACAAAgAAAAn+91OdxI3/8f7JZTBrGrWYkIf5X0ZydnJPJD1EVr6PcwAAAAK8ui2Y77wfrzYQHNh15Uw4894M8ZdvLW01znjg0xumv12eTP68qTYLK2q7HjfWdEQAAAAPCOlmvykw7At/2fPRUfEamWqj78b207cPfjiDkNTnFS5r/wuqpHZmlSX9qpw5+d5GMsjppcWVwkwQXc1Ei8CUE="},"profile":{"info_cache":{},"profile_counts_reported":"13354191360641963","profiles_order":[]},"uninstall_metrics":{"installation_date2":"1709717760"},"user_experience_metrics":{"low_entropy_source3":20,"pseudo_low_entropy_source":5416,"stability":{"browser_last_live_timestamp":"13354191360561163","stats_buildtime":"1683435600","stats_version":"119.0.6045.105-64-devel","system_crash_count":0}}}
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2825
                                                                                                                                                                                          Entropy (8bit):5.621355233694466
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:1DA66C451A5AF70CFC8864C5D4C6B23A
                                                                                                                                                                                          SHA1:093E8DD539E3293EF0B7EA62B45E972F3A1E7CE7
                                                                                                                                                                                          SHA-256:F715905CF2ACACDAB598FF6CC3FD072452F203E96B3FCF3BEFD475D8EB24E3A6
                                                                                                                                                                                          SHA-512:E76D49EC64CE1358912A7A20EFAA5089C4E311D98DAA214C476050D2229CACC4137FD3C2F6CA0AE2071897867298D89CB22FF34B2CBA7B5E4047115EBCD77390
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"browser":{"shortcut_migration_version":"119.0.6045.105"},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAJYRA9pLwDT7iDNtlqbB1yEAAAAAoAAABuAHcAagBzAAAAEGYAAAABAAAgAAAAWi14sVgplo+TelYnRkbNAN8yOAFbbz/fgimu9kXZN1IAAAAADoAAAAACAAAgAAAAn+91OdxI3/8f7JZTBrGrWYkIf5X0ZydnJPJD1EVr6PcwAAAAK8ui2Y77wfrzYQHNh15Uw4894M8ZdvLW01znjg0xumv12eTP68qTYLK2q7HjfWdEQAAAAPCOlmvykw7At/2fPRUfEamWqj78b207cPfjiDkNTnFS5r/wuqpHZmlSX9qpw5+d5GMsjppcWVwkwQXc1Ei8CUE="},"policy":{"last_statistics_update":"13354191360744692"},"profile":{"info_cache":{"Default":{"active_time":1709717789.469264,"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"force_signin_profile_locked":false,"gaia_id":"","is_consented_primary_account":false,"is_ephemeral":false,"is_using_default_avatar":true,"is_using_de
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2825
                                                                                                                                                                                          Entropy (8bit):5.621568579732308
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:0FAC96D25754326760D341DD368207F8
                                                                                                                                                                                          SHA1:CEF7772BFC0423D3819DAC2A748253909AF15ECD
                                                                                                                                                                                          SHA-256:35971176654DDADFE732697043B6C2A08886B9C50BED910E21FA167094C9AD0B
                                                                                                                                                                                          SHA-512:F73614425F3C7E06AA457760E6C835E8B631720B65F3F4F38F9E7AB5CED001144C18B0B653595EF107B3741D9EEB5EA8C33AAAB10643DCD07A9EEDF5EFA3399B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"browser":{"shortcut_migration_version":"119.0.6045.105"},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAJYRA9pLwDT7iDNtlqbB1yEAAAAAoAAABuAHcAagBzAAAAEGYAAAABAAAgAAAAWi14sVgplo+TelYnRkbNAN8yOAFbbz/fgimu9kXZN1IAAAAADoAAAAACAAAgAAAAn+91OdxI3/8f7JZTBrGrWYkIf5X0ZydnJPJD1EVr6PcwAAAAK8ui2Y77wfrzYQHNh15Uw4894M8ZdvLW01znjg0xumv12eTP68qTYLK2q7HjfWdEQAAAAPCOlmvykw7At/2fPRUfEamWqj78b207cPfjiDkNTnFS5r/wuqpHZmlSX9qpw5+d5GMsjppcWVwkwQXc1Ei8CUE="},"policy":{"last_statistics_update":"13354191360744692"},"profile":{"info_cache":{"Default":{"active_time":1709717789.469264,"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"force_signin_profile_locked":false,"gaia_id":"","is_consented_primary_account":false,"is_ephemeral":false,"is_using_default_avatar":true,"is_using_de
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2655
                                                                                                                                                                                          Entropy (8bit):5.631568130521725
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:497379E928BAF44BAC7D14BBE7683DC1
                                                                                                                                                                                          SHA1:178ACEE124C086C5E12505816587684A03A9AA6A
                                                                                                                                                                                          SHA-256:F6DB6E41973E45B2A63065C8B1848D3C705751CB6A430C26E4472DE7DA100DD5
                                                                                                                                                                                          SHA-512:5F90A0FC79ECAB2DCBDB7DD4380A187513CC93A707ECD9A1E39AC94212F8BA0BCC3EC1A942B6CFAA836CCFE7455DA63B10E8B7EBCB16FD6D56DA58D81A23E24C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"management":{"platform":{"azure_active_directory":0,"enterprise_mdm_win":0}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAJYRA9pLwDT7iDNtlqbB1yEAAAAAoAAABuAHcAagBzAAAAEGYAAAABAAAgAAAAWi14sVgplo+TelYnRkbNAN8yOAFbbz/fgimu9kXZN1IAAAAADoAAAAACAAAgAAAAn+91OdxI3/8f7JZTBrGrWYkIf5X0ZydnJPJD1EVr6PcwAAAAK8ui2Y77wfrzYQHNh15Uw4894M8ZdvLW01znjg0xumv12eTP68qTYLK2q7HjfWdEQAAAAPCOlmvykw7At/2fPRUfEamWqj78b207cPfjiDkNTnFS5r/wuqpHZmlSX9qpw5+d5GMsjppcWVwkwQXc1Ei8CUE="},"policy":{"last_statistics_update":"13354191360744692"},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://theme/IDR_PROFILE_AVATAR_26","background_apps":false,"force_signin_profile_locked":false,"gaia_id":"","is_consented_primary_account":false,"is_ephemeral":false,"is_using_default_avatar":true,"is_using_default_name":true,"managed_user_id":"","name":"Person 1","shortcut_name":"Person 1","signin
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4194304
                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                          SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                          SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                          SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4194304
                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                          SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                          SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                          SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4194304
                                                                                                                                                                                          Entropy (8bit):0.32830215142494606
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:EED48E728810AD3974A398F9591F8A89
                                                                                                                                                                                          SHA1:584917B0741ABE209E3F3790610D93767E1038CD
                                                                                                                                                                                          SHA-256:3DC2CB56160A07C36F1083C0433FFC5C449AE47708FD71AD88E25025F80CC73C
                                                                                                                                                                                          SHA-512:7A8A94C729FC7A47993DB64DFB127409ACFA6B1679F0E81877E094A09C2619AABA1F93EFDE3D37F1E1DC5239C4A51E4BC925FC822018A4752989B5CD451AAF59
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:...@..@...@.....C.].....@................Y...Y..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....F.........119.0.6045.105-64-devel....".en-GB*...Windows NT..10.0.190452l..x86_64..?........".brnwtl20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J..m#:^...YJ..<..S...J?J....W....J?P.j....... .8.@.............................$93cdce01-fe27-4365-94f7-778f73e93a19...*.....6.'D.I.V.bHA.7L..]...<..8...(...SyntheticOptimizationGuideRemoteFetching....Disabled.0..,.......HttpsFirstModeClientSetting.....Disabled.<..8...$...Segmentation_ChromeLowUserEngagement....Unselected...0..,.......Segmentation_SearchUser.....Unselected...4..0.......Segmentation_ShoppingUser.......Unselected...4..0.......Segmentation_CrossDeviceUser....Unselected...4..0.......Segmenta
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1048576
                                                                                                                                                                                          Entropy (8bit):0.01757675543894886
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:96F37196DB145D80A932640CD5E3BE77
                                                                                                                                                                                          SHA1:424A45315D4671AE658AB06545892CBE95A43F7F
                                                                                                                                                                                          SHA-256:59D573CF410A8FA5F936686BAA6F2C91E208F95BB9FD9DEC760CADB54CC1440F
                                                                                                                                                                                          SHA-512:6703E2604E5DA051F6E6F91CC9F4B7AFB4DE7D470B430E19D8D5B39631F0279040EF6264D365BDD90588C4CD0AEF12E2CE3420720E5799F7D1D6CE67E8E63AC3
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:...@....................@...................@...............`... ...i.y.........CrashpadMetrics.....i.y..Yd.X.......A.......e............,........5l.*...................5l.*.................UMA.PersistentAllocator.CrashpadMetrics.UsedPct.h...i.y.[".................................!...&...+...0...6...;...@...E...K...P...U...Z...`...e...........i.y..Yd.........A...................V..>....?....{.................?....{.................UMA.PersistentAllocator.CrashpadMetrics.Errors.. ...i.y.[".........................i.y..Yd.........A..................._..-.....h-.....................h-....................Crashpad.HandlerLifetimeMilestone.......0...i.y.[".........................................i.y..Yd.@.......A...................V..>..../.y.KO................../.y.KO..................Crashpad.ExceptionEncountered.......i.y..Yd.........A............................K..0.................K..0.................Crashpad.ExceptionCode.Win...... ...i.y........K..0............i.y.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:modified
                                                                                                                                                                                          Size (bytes):114
                                                                                                                                                                                          Entropy (8bit):4.080270736298437
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:41908EC97740673EEE07E6F750A94869
                                                                                                                                                                                          SHA1:D492A6CFE3F7C57F904053097D653FBA3D4E5948
                                                                                                                                                                                          SHA-256:53A28628A98CD8A5B42C00A900478BA6441D9F48A11721C47B046AFB3B93E735
                                                                                                                                                                                          SHA-512:D82816B309F768BE0FC3DE499F73ED383DA0699D45B47A22B59ACFE209F40A4BB46371FFBBC3A3AAFD8DA272C19D877E29D657EEE32E0EC5BC76F05802C8F29E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:DAPC.............-.^)..D...........)....9.e....%9.e....................5e092dc7-ee29-44c1-be91-b795c4d994fb.dmp..
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:Mini DuMP crash report, 13 streams, Wed Mar 6 09:36:01 2024, 0x200000 type
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2272288
                                                                                                                                                                                          Entropy (8bit):3.943850691900935
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:D8390126C29AE5B8E1C8D787FD9ED5A9
                                                                                                                                                                                          SHA1:BD9E7B72AA4D0ABFF786376A82796A83D4758439
                                                                                                                                                                                          SHA-256:942D6F8E72C0879CA6D7107F5E407666045D281BB70657BBBC6A2D6037A4D33E
                                                                                                                                                                                          SHA-512:E200D060A2D924809ECE587A35E48CD225BD7D6A3947436111FD8E1134C0A506D23F73A3AAD2B7ACA4A1345EED458481206A5A78A0F9693B51D40E64BF6A45DA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MDMP........ ........9.e.. .........8...........T...............X...............................t#..............@=....PC@....@...........D.......K..."....kKF....o.......y.. q....kK%.......................eJ..............L.B.........................2.0.0.6.....T...G........8.e................................................W... .E.u.r.o.p.e. .S.t.a.n.d.a.r.d. .T.i.m.e.......................................W... .E.u.r.o.p.e. .S.u.m.m.e.r. .T.i.m.e...........................................W.i.n.d.o.w.s. .N.T. .1.0...0...1.9.0.4.5...2.0.0.6.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                          Entropy (8bit):3.8393538721671994
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:FD65B578502C013C3B0F6AE8C6399455
                                                                                                                                                                                          SHA1:EEA6C6834D6C5D020489EAF7C4945A09228A88DC
                                                                                                                                                                                          SHA-256:6FCCA34C23D66FD7D5F5A561976E5414D267ED89E8A4A18422CE49E6D54EAAEF
                                                                                                                                                                                          SHA-512:98E1C163E88F56DE1957D58E312E8768BF32380989C7E18B957F74FEFA5607D57804DE7FE074B5255EB82282BF03D5AEA9043F7D4973C660A4E8FF60C820B7B8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4662
                                                                                                                                                                                          Entropy (8bit):4.94212534995673
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:27980938A34562E9C11660EF67172A8D
                                                                                                                                                                                          SHA1:DEC477419F97DE596CD28A324702A5F3180EC088
                                                                                                                                                                                          SHA-256:0B97CE32AC55926463A27670EBA846D370704565B3BF51105604236018C5C6AE
                                                                                                                                                                                          SHA-512:212886D1C7D7FCBB3855217FDC54C2D685654D712180F4B5C9C537F038911D1305EAAFFD8C26AB0402AFC9B51D8594148CCCA423FFBF6EEE1955B9171243D07A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"account_tracker_service_last_update":"13354191363885213","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13354191360935305","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":119},"browser":{"has_seen_welcome_page":false,"window_placement_popup":{"bottom":722,"fullscreen":false,"left":160,"maximized":false,"right":1120,"top":262,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":17224,"dips_timer_last_update":"13354191367143967","domain_diversity":{"last_reporting_timestamp":"13354191363822786"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"119.0.6045.105"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"google":{"services":{"consented_to_sync":false,"signin_scoped_device_id":"d1999d0e-075f-4ac5-8c19-d53950aa44e3"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:very short file (no magic)
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1
                                                                                                                                                                                          Entropy (8bit):0.0
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):151668
                                                                                                                                                                                          Entropy (8bit):1.0550957398929903
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:728FE78292F104659FEA5FC90570CC75
                                                                                                                                                                                          SHA1:11B623F76F31EC773B79CDB74869ACB08C4052CB
                                                                                                                                                                                          SHA-256:D98E226BEA7A9C56BFDFAB3C484A8E6A0FB173519C43216D3A1115415B166D20
                                                                                                                                                                                          SHA-512:91E81B91B29D613FDDE24B010B1724BE74F3BAE1D2FB4FAA2C015178248ED6A0405E2B222F4A557A6B895663C159F0BF0DC6D64D21259299E36F53D95D7067AA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4366
                                                                                                                                                                                          Entropy (8bit):4.931402461455969
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:BD2E9C2CB19D8DE68E1099DECAAA6507
                                                                                                                                                                                          SHA1:7A1F04940E761238D6F53158AF8298741B7E9009
                                                                                                                                                                                          SHA-256:88A5B592DC90EA3D84908D9017449BCFD73EB2A7C1B13598EDBBE33B021E6E83
                                                                                                                                                                                          SHA-512:4B4FD2A55C4662F51D0DCD10BAC8B034956273C77006EEE92C573C041A960D9000042173CCE00277610CA9A3E765033794093ADA1E68B9C6AB99BE8CB281926D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"account_tracker_service_last_update":"13354191363885213","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13354191360935305","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":119},"browser":{"has_seen_welcome_page":false},"countryid_at_install":17224,"dips_timer_last_update":"13354191367143967","domain_diversity":{"last_reporting_timestamp":"13354191363822786"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"119.0.6045.105"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"google":{"services":{"consented_to_sync":false,"signin_scoped_device_id":"d1999d0e-075f-4ac5-8c19-d53950aa44e3"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{}}},"media":{"engagement":{"schema_version":5}},"media_router":{"receiver_id_hash_token":"zbHBBzMUZwopCPBM+XSz6qqDw20Vr9ZVCozCCcB7kYwX8pGvOS7S3IcoIDiDvCUgPWe/Seyl+Ynemt9AThtRVg=="},"ntp":{"num_
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4294
                                                                                                                                                                                          Entropy (8bit):4.926540300453239
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:C03402FEFAA68CCFBE73625C57D6D976
                                                                                                                                                                                          SHA1:B51FF95480E9EB175856E4619E9B659BE8ACE64C
                                                                                                                                                                                          SHA-256:2457B330995F4543BA48F9AE17D22303024F3318BA4BD02E5C759DF75E5F54E9
                                                                                                                                                                                          SHA-512:825E9492F0FAFC010E38F36A625254DD3F42F61E362573B3848B11BE6474FA2C629E1415538B704200C98A4CC5A75C23244FEE23F74E3910E5DA60A96DD386F9
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"account_tracker_service_last_update":"13354191363885213","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13354191360935305","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":119},"browser":{"has_seen_welcome_page":false},"countryid_at_install":17224,"dips_timer_last_update":"13354191367143967","domain_diversity":{"last_reporting_timestamp":"13354191363822786"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"119.0.6045.105"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"google":{"services":{"consented_to_sync":false,"signin_scoped_device_id":"d1999d0e-075f-4ac5-8c19-d53950aa44e3"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{}}},"media":{"engagement":{"schema_version":5}},"media_router":{"receiver_id_hash_token":"zbHBBzMUZwopCPBM+XSz6qqDw20Vr9ZVCozCCcB7kYwX8pGvOS7S3IcoIDiDvCUgPWe/Seyl+Ynemt9AThtRVg=="},"ntp":{"num_
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):5030
                                                                                                                                                                                          Entropy (8bit):5.1199226215091205
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:12FB3367A2007165314F5B8A3947FB85
                                                                                                                                                                                          SHA1:E918ADA742273D67A6C692E2C8C7CBC2947A54BF
                                                                                                                                                                                          SHA-256:16649C5F5924BB02C7F3E3F151421AF1CCBCF36E0D6F8570195E7D791C3C9BF1
                                                                                                                                                                                          SHA-512:CFAF73DDDB6744288355DFA1CFD783008CFB784DD938B36684D6F570D7964A6D4F727F8077507A26685D38EC9A6A02424A7BBF435E7E0EF206B068807F98F99F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"account_tracker_service_last_update":"13354191363885213","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13354191360935305","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":119},"browser":{"has_seen_welcome_page":false,"window_placement_popup":{"bottom":722,"fullscreen":false,"left":160,"maximized":false,"right":1120,"top":262,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":17224,"dips_timer_last_update":"13354191367143967","domain_diversity":{"last_reporting_timestamp":"13354191363822786"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"119.0.6045.105"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"google":{"services":{"consented_to_sync":false,"signin_scoped_device_id":"d1999d0e-075f-4ac5-8c19-d53950aa44e3"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):45056
                                                                                                                                                                                          Entropy (8bit):0.40014189446483467
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:00AF4A50B4E83413600C40BE126B17B1
                                                                                                                                                                                          SHA1:D6C2AAC58F581C4EA3B45C997A922DD99B2396CD
                                                                                                                                                                                          SHA-256:95A77058925FC8DC392E2A4CF51D60EE41FFA49967A6E3BD4F34EFE3F0473E0E
                                                                                                                                                                                          SHA-512:8B95EE2EFCA34EFE82A7E53E3C9EF68B481F174A5545C6A0AF9BB104AB43EF9554E2FB439522D4308886A8B04C9BC912472E82AF1E0964A5CA89906F0C646A02
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):45056
                                                                                                                                                                                          Entropy (8bit):0.020222612969128587
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:49F9C95A7BE103D9B03E1BDC2F33DDDE
                                                                                                                                                                                          SHA1:5BE5AEC0BBCD8747CD06EA1D6D7F984E0F135235
                                                                                                                                                                                          SHA-256:0AEEB5030E3D79C563DCC9B828D4102210CD3BFF1C1FFC75E61BF7CB3DB23085
                                                                                                                                                                                          SHA-512:EA7D5565AA4618B052E6995747E35BFA4E1883BC21E1DBC39490FC81EFC4F41CE853BDFF23E2B8B9FC1A5A3667A01BF864FE317E4CE0964A9DE364892241065F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:dBase III DBT, next free block index 3238316739, block length 1024
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                                          Entropy (8bit):0.02651421376755939
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:087A41A3C80F9F0F9CA8FED83069823E
                                                                                                                                                                                          SHA1:A4DF95160F04C4499D2F264F491F0773AB5A7225
                                                                                                                                                                                          SHA-256:755597E98E3443AE0D57FFF887F6337549646E487171B84BC21B2F8DDA71D662
                                                                                                                                                                                          SHA-512:F7D32401D680D12645D330C868775F71937C7AFEF7BE480626A2BD2F4EDDE45B9998D35F38A15F3DB7C6EF3BB114DE1607DBCC25A0680410EC78AE8100351C36
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1056768
                                                                                                                                                                                          Entropy (8bit):0.06109018106663626
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:31182EBA409251036C0B302C5A40F732
                                                                                                                                                                                          SHA1:2B456E3C204926BD49DFD60EA9E213FD7C250D9F
                                                                                                                                                                                          SHA-256:F5BAA1E0CA63E59141F2BC5A9137CAE7B911F7914F598C3AC7773D750B068F8D
                                                                                                                                                                                          SHA-512:212B84D8E604F4C56424B10E9002F98BDC33698BBE1CAAB4A0BF0FEE5369D4FB1D4AF45B8BB51A30543F73C26769F179D970DB4C9E74C742F6816C9178C00A6A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4202496
                                                                                                                                                                                          Entropy (8bit):0.035874387610991945
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:3A091D7B25E1E3F6A783A8E5BCC69A8A
                                                                                                                                                                                          SHA1:E4828EB112EA27D36E5A578D8C84A8E09ACB8E41
                                                                                                                                                                                          SHA-256:3B278D5413CAB22968F769482D389F188A98FE5290703ECFE4C6759F0D2D0BB8
                                                                                                                                                                                          SHA-512:2E512E75717C613A27E21579589AA08DE70026223072C385120301455A37F0E73C80DE006B230D5E36FB575C7C9538D6686B5273592FBDB59A610B97C72B1850
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):46704
                                                                                                                                                                                          Entropy (8bit):7.994860687757006
                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:30A274CD01B6EEB0B082C918B0697F1E
                                                                                                                                                                                          SHA1:393311BDE26B99A4AD935FA55BAD1DCE7994388B
                                                                                                                                                                                          SHA-256:88DF0B5A7BC397DBC13A26BB8B3742CC62CD1C9B0DDED57DA7832416D6F52F42
                                                                                                                                                                                          SHA-512:C02C5894DFB5FBF47DB7E9EDA5E0843C02E667B32E6C6844262DD5DED92DD95CC72830A336450781167BD21FBFAD35D8E74943C2817BAAC1E4CA34EAAD317777
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):524656
                                                                                                                                                                                          Entropy (8bit):4.989325630401085E-4
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:5FBB57A63CF9422E60258C31480C3298
                                                                                                                                                                                          SHA1:715D87BC4C35A93F74CC736712AAD68AD378EBF2
                                                                                                                                                                                          SHA-256:23E407E97A3560F895CECEB9C0FAFDAFE183638352F313A861264FDD4C8A472E
                                                                                                                                                                                          SHA-512:0AE7813CE543513E60CF811A0289E113314ED8F2DFBEE0525308D64B54189B50842072324EE3E1E8DD05620216DB6C160AA1F4675EED9DA07F554E29BF2B27BF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):24
                                                                                                                                                                                          Entropy (8bit):2.1431558784658327
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                          SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                          SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                          SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:0\r..m..................
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):48
                                                                                                                                                                                          Entropy (8bit):2.955557653394731
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:BA7BED4C0464CE6F39BB2CDD96451010
                                                                                                                                                                                          SHA1:1D91A201877525BBD0092611435EE9328060DC82
                                                                                                                                                                                          SHA-256:E4EBFCFEC685B4DBCFFB9F6968EF6E3A3285472A6758F1D960DE50DBF610D742
                                                                                                                                                                                          SHA-512:75551F456B0C85F7AB3607625386AA4B7B74E801141C6F6AE7C51016601CD9FD15A74EB645137665C312BF5CE7E4BA44D04627BF34C5413A9036275C1BE91B98
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:(....b.8oy retne..........................T..q/.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):48
                                                                                                                                                                                          Entropy (8bit):2.955557653394731
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:BA7BED4C0464CE6F39BB2CDD96451010
                                                                                                                                                                                          SHA1:1D91A201877525BBD0092611435EE9328060DC82
                                                                                                                                                                                          SHA-256:E4EBFCFEC685B4DBCFFB9F6968EF6E3A3285472A6758F1D960DE50DBF610D742
                                                                                                                                                                                          SHA-512:75551F456B0C85F7AB3607625386AA4B7B74E801141C6F6AE7C51016601CD9FD15A74EB645137665C312BF5CE7E4BA44D04627BF34C5413A9036275C1BE91B98
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:(....b.8oy retne..........................T..q/.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):24
                                                                                                                                                                                          Entropy (8bit):2.1431558784658327
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                          SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                          SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                          SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:0\r..m..................
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):48
                                                                                                                                                                                          Entropy (8bit):2.9972243200613975
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:96E740AB355BEDA83E37AD8447CDE067
                                                                                                                                                                                          SHA1:6CB8C736FC2F80D8F948A77B6FACB1FB8951EFFB
                                                                                                                                                                                          SHA-256:211ADA56702FD2556BADE856C6C164F073E0BA811089358670B7806A83CA3A31
                                                                                                                                                                                          SHA-512:4F85A0BE59CC9A991BC247478DC122BE23F94B857C5DA837B6243E7E09CEABE93FEC47709AE6AA898BD6601E8432DC6C2427B483F541A59DD83E6283F4933A01
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:(....2.joy retne.........................T..q/.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):48
                                                                                                                                                                                          Entropy (8bit):2.9972243200613975
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:96E740AB355BEDA83E37AD8447CDE067
                                                                                                                                                                                          SHA1:6CB8C736FC2F80D8F948A77B6FACB1FB8951EFFB
                                                                                                                                                                                          SHA-256:211ADA56702FD2556BADE856C6C164F073E0BA811089358670B7806A83CA3A31
                                                                                                                                                                                          SHA-512:4F85A0BE59CC9A991BC247478DC122BE23F94B857C5DA837B6243E7E09CEABE93FEC47709AE6AA898BD6601E8432DC6C2427B483F541A59DD83E6283F4933A01
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:(....2.joy retne.........................T..q/.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):28672
                                                                                                                                                                                          Entropy (8bit):0.4844591872775897
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:E132816B0A55616B4E694EEAB812D4DF
                                                                                                                                                                                          SHA1:AC46F9CDBE16B119A65BB922FE3B151A3CAFC419
                                                                                                                                                                                          SHA-256:706736C45CB2926F70355A96FCDF35985804931FDCD142552E4C704B10A484D6
                                                                                                                                                                                          SHA-512:383859B28139D1C3C5158B4932190FDC7D684C57F57CEECBB839575F39A082DD4166F451735E26CE6316396F17C034E9658D6540238B0732E247C51153FD91EE
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                                          Entropy (8bit):0.01057775872642915
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                                          Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                                          Entropy (8bit):0.011852361981932763
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                                          Entropy (8bit):0.012340643231932763
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):262512
                                                                                                                                                                                          Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:CF1D2C6B038FC7D17A4DE8E222CB701A
                                                                                                                                                                                          SHA1:CC07B0847B86C9AA34641AF048B9F92F2C030FE9
                                                                                                                                                                                          SHA-256:8DB642BEB9B2CC300D82CC83FE5A03DE0C7137F4D6C6587EEB24DD10B8D55322
                                                                                                                                                                                          SHA-512:30BB5D257AE516E700ECC92A2E913214677F74BCE11F3F99E7F60A9387E544CC94623FDB6D6B57AE219587DDFD53CFE81DB5D04A8ABE1B5BE41B02421DF1872A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):76
                                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:CC4A8CFF19ABF3DD35D63CFF1503AA5F
                                                                                                                                                                                          SHA1:52AF41B0D9C78AFCC8E308DB846C2B52A636BE38
                                                                                                                                                                                          SHA-256:CC5DACF370F324B77B50DDDF5D995FD3C7B7A587CB2F55AC9F24C929D0CD531A
                                                                                                                                                                                          SHA-512:0E9559CDA992AA2174A7465745884F73B96755008384D21A0685941ACF099C89C8203B13551DE72A87B8E23CDAAE3FA513BC700B38E1BF3B9026955D97920320
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.f.5................f.5................f.5................f.5...............
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):261
                                                                                                                                                                                          Entropy (8bit):5.16019920334876
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:7034EA4ED6D6E5E7E8F132D7C5C14FAB
                                                                                                                                                                                          SHA1:7D24D545919397351514FA0230F55023DCFC481B
                                                                                                                                                                                          SHA-256:DF38505BC43696FF9A679694D0FD43C37A953786E1B8AFACE2D8311CF80780AE
                                                                                                                                                                                          SHA-512:9A5F09B829D7CF75949CBC76D5B34D845572305886BCE822FD1B378D6D1C0A2DAA648C935C828BAC2D26785FCABE83720A1E294997575832A40BE71C41A5BF41
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:2024/03/06-10:36:03.484 a24 Creating DB C:\Users\user\AppData\Local\FAST!\User Data\Default\Extension Rules since it was missing..2024/03/06-10:36:03.760 a24 Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Extension Rules/MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):38
                                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:51A2CBB807F5085530DEC18E45CB8569
                                                                                                                                                                                          SHA1:7AD88CD3DE5844C7FC269C4500228A630016AB5B
                                                                                                                                                                                          SHA-256:1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
                                                                                                                                                                                          SHA-512:B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.f.5................f.5...............
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):265
                                                                                                                                                                                          Entropy (8bit):5.181437951900216
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:3D6D9F8696D83F14FFB3D5FD68E21BA6
                                                                                                                                                                                          SHA1:420E81C60669805CF92F7BE4AC093B3C6DA11263
                                                                                                                                                                                          SHA-256:42F49F18698AE02C18D590F5FC764F0DC87D326210BE1A15A2F0639C96DF054C
                                                                                                                                                                                          SHA-512:3C55F6EA73A892FBE37121B2E244A4683ED498438EC3D217354FE888F93AAD603E4A15E71F1CC4B878ADAF412F3230456120162FA5C1F06F0B51081B3E743791
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:2024/03/06-10:36:03.797 a24 Creating DB C:\Users\user\AppData\Local\FAST!\User Data\Default\Extension Scripts since it was missing..2024/03/06-10:36:03.814 a24 Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Extension Scripts/MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):114
                                                                                                                                                                                          Entropy (8bit):1.8784775129881184
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:891A884B9FA2BFF4519F5F56D2A25D62
                                                                                                                                                                                          SHA1:B54A3C12EE78510CB269FB1D863047DD8F571DEA
                                                                                                                                                                                          SHA-256:E2610960C3757D1757F206C7B84378EFA22D86DCF161A98096A5F0E56E1A367E
                                                                                                                                                                                          SHA-512:CD50C3EE4DFB9C4EC051B20DD1E148A5015457EE0C1A29FFF482E62291B32097B07A069DB62951B32F209FD118FD77A46B8E8CC92DA3EAAE6110735D126A90EE
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):261
                                                                                                                                                                                          Entropy (8bit):5.171557894703454
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:10A529884F45D0AFE12B5C3BE340D812
                                                                                                                                                                                          SHA1:6070B39DE919046E521D6381854221A62C2093EC
                                                                                                                                                                                          SHA-256:9D24CE47E6CCA107A04F11799153B417D159750459E5FFB7B3DEA84870CD3BFD
                                                                                                                                                                                          SHA-512:02CF8A93592037CF679E41863CF3CB813364B87DA95D401DB13B08D1382C03787FC5009CD82BFF466D30F0DD0AF7EE8A0DD95762C9A498378238D6CA3E232E32
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:2024/03/06-10:36:03.920 57c Creating DB C:\Users\user\AppData\Local\FAST!\User Data\Default\Extension State since it was missing..2024/03/06-10:36:04.643 57c Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Extension State/MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                          Entropy (8bit):0.6975083372685086
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:F5BBD8449A9C3AB28AC2DE45E9059B01
                                                                                                                                                                                          SHA1:C569D730853C33234AF2402E69C19E0C057EC165
                                                                                                                                                                                          SHA-256:825FF36C4431084C76F3D22CE0C75FA321EA680D1F8548706B43E60FCF5B566E
                                                                                                                                                                                          SHA-512:96ACDED5A51236630A64FAE91B8FA9FAB43E22E0C1BCB80C2DD8D4829E03FBFA75AA6438053599A42EC4BBCF805BF0B1E6DFF9069B2BA182AD0BB30F2542FD3F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                                          Entropy (8bit):0.01057775872642915
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                                          Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                                          Entropy (8bit):0.011852361981932763
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                                          Entropy (8bit):0.012340643231932763
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):262512
                                                                                                                                                                                          Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:451520B18536D864DA60CFB36D2126FA
                                                                                                                                                                                          SHA1:0F8F026F24CA7F6AF16CABC8B3B747F31EFD5A50
                                                                                                                                                                                          SHA-256:AF2C1AC87516E2D2F1EE360A8BD3C47E104C6FCB0F821B391B7B6331A0F9518B
                                                                                                                                                                                          SHA-512:A1EB878C7D3AC8BCCB49753E4C160B228B180FC6D0C0D6D209E7470FB16740F6F6449E40A1757D6CBBAF8ADAE8EF40A955DCC54FC685C85B4BBADB3622EC310A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):151668
                                                                                                                                                                                          Entropy (8bit):1.0550957398929903
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:728FE78292F104659FEA5FC90570CC75
                                                                                                                                                                                          SHA1:11B623F76F31EC773B79CDB74869ACB08C4052CB
                                                                                                                                                                                          SHA-256:D98E226BEA7A9C56BFDFAB3C484A8E6A0FB173519C43216D3A1115415B166D20
                                                                                                                                                                                          SHA-512:91E81B91B29D613FDDE24B010B1724BE74F3BAE1D2FB4FAA2C015178248ED6A0405E2B222F4A557A6B895663C159F0BF0DC6D64D21259299E36F53D95D7067AA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):151668
                                                                                                                                                                                          Entropy (8bit):1.0550957398929903
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:728FE78292F104659FEA5FC90570CC75
                                                                                                                                                                                          SHA1:11B623F76F31EC773B79CDB74869ACB08C4052CB
                                                                                                                                                                                          SHA-256:D98E226BEA7A9C56BFDFAB3C484A8E6A0FB173519C43216D3A1115415B166D20
                                                                                                                                                                                          SHA-512:91E81B91B29D613FDDE24B010B1724BE74F3BAE1D2FB4FAA2C015178248ED6A0405E2B222F4A557A6B895663C159F0BF0DC6D64D21259299E36F53D95D7067AA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 40, cookie 0x21, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):163840
                                                                                                                                                                                          Entropy (8bit):0.6076100675546782
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:A8C13EAF4F96DC4435DCDB00ADBD454A
                                                                                                                                                                                          SHA1:2DA5DC305976A92D618779A2800209ECD7C3DE19
                                                                                                                                                                                          SHA-256:DF7E647DE8B5AA87053E8FB303FD02C80A2359AFB6D061722531E69DD60A98E0
                                                                                                                                                                                          SHA-512:F66ABD471B049DC12B34F968F77108A2923FF0FB77FC0B5E56A1D79DCB21AC0A2FB49432900AE45C839F44DFF50791E5F4AABA11C58DDB3E3B8C3575D44D9A33
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):275
                                                                                                                                                                                          Entropy (8bit):5.247476574594874
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:D3364FA163324E3315389C9ECBC1C71F
                                                                                                                                                                                          SHA1:238B1562E05AD232800021942DB074025333685B
                                                                                                                                                                                          SHA-256:8570EEC7744AA691FB08984F27229AAF471B2ABA5DCFF9993BD60F17822DF222
                                                                                                                                                                                          SHA-512:1D248349897E04462BAC026813D14DC88DAAA4D2C95B8EF210A9C77E0B4E281BABAF6F1C351C862F33C6C9E3332A5CC1EF4FB0C7B2CE978901A0B61FC9CB8A01
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:2024/03/06-10:36:05.459 1a78 Creating DB C:\Users\user\AppData\Local\FAST!\User Data\Default\Local Storage\leveldb since it was missing..2024/03/06-10:36:05.808 1a78 Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Local Storage\leveldb/MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):40960
                                                                                                                                                                                          Entropy (8bit):0.8553812935198943
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:A1877CA6FEF34566AF96AF105F154DEE
                                                                                                                                                                                          SHA1:8DF5BEE9F7E2ECE02F854056A3CC1DFDADC7A298
                                                                                                                                                                                          SHA-256:BA40B8EB55AEAF252FD740BFED6B2C99B057110F9FE1F684C9694EC0B7BD80F0
                                                                                                                                                                                          SHA-512:D82F9FA88583B07DF5309086056BAB6308304DD4F75F63CA8E769A9938F4FCC8214EFC1F7AAD78DD437121E1E32829E25E0C2259C28CEA385DC0F5A9BA1D9E69
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):40960
                                                                                                                                                                                          Entropy (8bit):0.8553812935198943
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:A1877CA6FEF34566AF96AF105F154DEE
                                                                                                                                                                                          SHA1:8DF5BEE9F7E2ECE02F854056A3CC1DFDADC7A298
                                                                                                                                                                                          SHA-256:BA40B8EB55AEAF252FD740BFED6B2C99B057110F9FE1F684C9694EC0B7BD80F0
                                                                                                                                                                                          SHA-512:D82F9FA88583B07DF5309086056BAB6308304DD4F75F63CA8E769A9938F4FCC8214EFC1F7AAD78DD437121E1E32829E25E0C2259C28CEA385DC0F5A9BA1D9E69
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:SQLite format 3
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):45056
                                                                                                                                                                                          Entropy (8bit):0.40293591932113104
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                                                                                                                                                                          SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                                                                                                                                                                          SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                                                                                                                                                                          SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:SQLite format 3
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):59
                                                                                                                                                                                          Entropy (8bit):4.619434150836742
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:78BFCECB05ED1904EDCE3B60CB5C7E62
                                                                                                                                                                                          SHA1:BF77A7461DE9D41D12AA88FBA056BA758793D9CE
                                                                                                                                                                                          SHA-256:C257F929CFF0E4380BF08D9F36F310753F7B1CCB5CB2AB811B52760DD8CB9572
                                                                                                                                                                                          SHA-512:2420DFF6EB853F5E1856CDAB99561A896EA0743FCFF3E04B37CB87EDDF063770608A30C6FFB0319E5D353B0132C5F8135B7082488E425666B2C22B753A6A4D73
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1141
                                                                                                                                                                                          Entropy (8bit):5.440559584911478
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:FD775CFC7AE725A5B872792214B640D1
                                                                                                                                                                                          SHA1:C4A24EA18B12E4EFF048F9E132A7650B05381218
                                                                                                                                                                                          SHA-256:54042AD921DEC1CB089852B723638534D7B7D2D8067553D64F8290EAD3B8C639
                                                                                                                                                                                          SHA-512:4D6F38D7AD91C10292423BBA659F859AC8C5ED4AF9407C06D37A8FC7C1DB78E8D4C659E79A6D4A391FF1D7234288D38F7CCB0A23FD79AEB11D967826A1688B75
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356783386161042","port":443,"protocol_str":"quic"}],"anonymization":["MAAAACsAAABodHRwczovL29wdGltaXphdGlvbmd1aWRlLXBhLmdvb2dsZWFwaXMuY29tAA==",false],"server":"https://optimizationguide-pa.googleapis.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356783373810615","port":443,"protocol_str":"quic"}],"anonymization":["OAAAADMAAABjaHJvbWUtZXh0ZW5zaW9uOi8vbnBhaW1taGhqY2ZoYmRvZ2RmY21sbGRnZ2xwbGRoYm0A",false],"server":"https://fonts.googleapis.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356783386629061","port":443,"protocol_str":"quic"}],"anonymization":["OAAAADMAAABjaHJvbWUtZXh0ZW5zaW9uOi8vbnBhaW1taGhqY2ZoYmRvZ2RmY21sbGRnZ2xwbGRoYm0A",false],"network_stats":{"srtt":184917},"server":"https://fonts.gstatic.com"},{"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"network_stats":{"srtt":180498},"server":"https://
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):974
                                                                                                                                                                                          Entropy (8bit):5.435227210402318
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:F34EC7437E58A88F14C3A5B164A95978
                                                                                                                                                                                          SHA1:526FEBE870870A300772DD90568780502A7D62BD
                                                                                                                                                                                          SHA-256:BDAF7DD9641DDA0EE4BB2B743C48CDCBDBD04CBBF04807B067F72C28179CBB99
                                                                                                                                                                                          SHA-512:5D5A17AC29CB86B615DCBF139690D343E2A3882F02087877E796641514F78BFBF865BA028817BFB4E69F0EF2D45244B52D11CA86321A0FFCD78E479B825386C6
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356783386161042","port":443,"protocol_str":"quic"}],"anonymization":["MAAAACsAAABodHRwczovL29wdGltaXphdGlvbmd1aWRlLXBhLmdvb2dsZWFwaXMuY29tAA==",false],"server":"https://optimizationguide-pa.googleapis.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356783373810615","port":443,"protocol_str":"quic"}],"anonymization":["OAAAADMAAABjaHJvbWUtZXh0ZW5zaW9uOi8vbnBhaW1taGhqY2ZoYmRvZ2RmY21sbGRnZ2xwbGRoYm0A",false],"server":"https://fonts.googleapis.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13356783386629061","port":443,"protocol_str":"quic"}],"anonymization":["OAAAADMAAABjaHJvbWUtZXh0ZW5zaW9uOi8vbnBhaW1taGhqY2ZoYmRvZ2RmY21sbGRnZ2xwbGRoYm0A",false],"server":"https://fonts.gstatic.com"}],"supports_quic":{"address":"192.168.2.4","used_quic":true},"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                          Entropy (8bit):0.5712781801655107
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:A1BCF7BF637CC64E444CBBE6B4467C5C
                                                                                                                                                                                          SHA1:BF4D19094D159673C6BF26AD61EAD8117297E759
                                                                                                                                                                                          SHA-256:D3D5336E4EA8FA68ED90B4B4C6DC2E9710CE20483B21988D4A928AE5E391502E
                                                                                                                                                                                          SHA-512:6F5114413C87ED0D0ED7B291EABADF82CE924B66CA3009CDD5EB5180354D23F6EFA91E02E69B20B79717580C2A4618E53BBEC12EF01B3474B9E68B36AE65AA6A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:SQLite format 3
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):59
                                                                                                                                                                                          Entropy (8bit):4.619434150836742
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:78BFCECB05ED1904EDCE3B60CB5C7E62
                                                                                                                                                                                          SHA1:BF77A7461DE9D41D12AA88FBA056BA758793D9CE
                                                                                                                                                                                          SHA-256:C257F929CFF0E4380BF08D9F36F310753F7B1CCB5CB2AB811B52760DD8CB9572
                                                                                                                                                                                          SHA-512:2420DFF6EB853F5E1856CDAB99561A896EA0743FCFF3E04B37CB87EDDF063770608A30C6FFB0319E5D353B0132C5F8135B7082488E425666B2C22B753A6A4D73
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):59
                                                                                                                                                                                          Entropy (8bit):4.619434150836742
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:78BFCECB05ED1904EDCE3B60CB5C7E62
                                                                                                                                                                                          SHA1:BF77A7461DE9D41D12AA88FBA056BA758793D9CE
                                                                                                                                                                                          SHA-256:C257F929CFF0E4380BF08D9F36F310753F7B1CCB5CB2AB811B52760DD8CB9572
                                                                                                                                                                                          SHA-512:2420DFF6EB853F5E1856CDAB99561A896EA0743FCFF3E04B37CB87EDDF063770608A30C6FFB0319E5D353B0132C5F8135B7082488E425666B2C22B753A6A4D73
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):59
                                                                                                                                                                                          Entropy (8bit):4.619434150836742
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:78BFCECB05ED1904EDCE3B60CB5C7E62
                                                                                                                                                                                          SHA1:BF77A7461DE9D41D12AA88FBA056BA758793D9CE
                                                                                                                                                                                          SHA-256:C257F929CFF0E4380BF08D9F36F310753F7B1CCB5CB2AB811B52760DD8CB9572
                                                                                                                                                                                          SHA-512:2420DFF6EB853F5E1856CDAB99561A896EA0743FCFF3E04B37CB87EDDF063770608A30C6FFB0319E5D353B0132C5F8135B7082488E425666B2C22B753A6A4D73
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):36864
                                                                                                                                                                                          Entropy (8bit):0.7553529932782944
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:77CAB2C7EC930579D6623A3FC98F0FB4
                                                                                                                                                                                          SHA1:7699468426AE910574A0565A37C6765702201672
                                                                                                                                                                                          SHA-256:DDA104EFEF8E436582AE564AAD8559A4AA8A28474A7AF79067E9786ED609AE28
                                                                                                                                                                                          SHA-512:84E67FA69FE7F7371A4AA03BADCC6C34B87F2D37589452622ECCE2B8A6B109B0826682E2AE54C7F69D55539DC325EFACC68A247CEE15B01772CFAAA7325AFA7E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2
                                                                                                                                                                                          Entropy (8bit):1.0
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:[]
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):36864
                                                                                                                                                                                          Entropy (8bit):0.36515621748816035
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                                                          SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                                                          SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                                                          SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):3844
                                                                                                                                                                                          Entropy (8bit):4.899677892735912
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:670440695F1F805BE6CABDE16F4CEE59
                                                                                                                                                                                          SHA1:92ACF421500273D42A2B397036DF73083F8B0F8C
                                                                                                                                                                                          SHA-256:BAE2AE0FF3873E4D7FD20660EDEF0848AA3FED1D010D4D3E369712F456F8435E
                                                                                                                                                                                          SHA-512:4391C37EB01D2C9C223DB6C2CF4B73F1B98F69B81607D062B0244C20B45914C7459F2A6B5D1154C209861BF787B7CD21A04C5471D43412D5B4C111CA49C5A880
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"account_tracker_service_last_update":"13354191363885213","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13354191360935305","apps":{"shortcuts_arch":"","shortcuts_version":0},"browser":{"has_seen_welcome_page":false},"countryid_at_install":17224,"dips_timer_last_update":"13354191367143967","domain_diversity":{"last_reporting_timestamp":"13354191363822786"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"119.0.6045.105"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"google":{"services":{"consented_to_sync":false,"signin_scoped_device_id":"d1999d0e-075f-4ac5-8c19-d53950aa44e3"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{}}},"media":{"engagement":{"schema_version":5}},"media_router":{"receiver_id_hash_token":"zbHBBzMUZwopCPBM+XSz6qqDw20Vr9ZVCozCCcB7kYwX8pGvOS7S3IcoIDiDvCUgPWe/Seyl+Ynemt9AThtRVg=="},"ntp":{"num_personal_suggestions":1},"optimization_guide":{"previ
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):33
                                                                                                                                                                                          Entropy (8bit):4.051821770808046
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                                                                                                                                                          SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                                                                                                                                                          SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                                                                                                                                                          SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"preferred_apps":[],"version":1}
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):162
                                                                                                                                                                                          Entropy (8bit):4.273886413532386
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:44028E0E05F8498268AA16B5D1BF19FF
                                                                                                                                                                                          SHA1:1C241C407F2903727920B5069C4582F5D33369C8
                                                                                                                                                                                          SHA-256:2952D4AD35DC8E19F3D10CEFA90B832EB3923B88C472A22F6FD57D4A5CF84E74
                                                                                                                                                                                          SHA-512:A8F677CFB8EB25A8A8287AB2ADCF72932FF9AEBFC54EACF55034342BFFA10A212C487B11895C005605737569C24800F5EA82AA9A3FDAED10FD084E897A8FF2C4
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:nwjs settings and storage represent user-selected preferences and information and MUST not be extracted, overwritten or modified except through nwjs defined APIs.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4068
                                                                                                                                                                                          Entropy (8bit):5.518360534084392
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:044319BA6ED33ECF862090DFB9456C61
                                                                                                                                                                                          SHA1:17D52B0BDAF1F1D60694FC98ABA78551DBB2FFA1
                                                                                                                                                                                          SHA-256:5E2E91E2F4BFE4A817D199E3D985BDBCB6516623A6D749605FCD756BD38C8BF5
                                                                                                                                                                                          SHA-512:E8287492435DEDA0799DF25575346E077B24943961902721F674B0BC44E4FC5ADF555AB6D1DA4EFC742BBA424AF24C88C53A4DD4DDD9233A4581A3773A37D32D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"extensions":{"settings":{"mhjfbmdgcfjbbpaeojofohoefgiehjai":{"active_permissions":{"api":["contentSettings","fileSystem","fileSystem.write","metricsPrivate","tabs","resourcesPrivate","pdfViewerPrivate"],"explicit_host":["chrome://resources/*","chrome://webui-test/*"],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13354191360938141","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13354191360938141","location":5,"manifest":{"content_security_policy":"script-src 'self' 'wasm-eval' blob: filesystem: chrome://resources chrome://webui-test; object-src * blob: externalfile: file: filesystem: data:","description":"","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN6hM0rsDYGbzQPQfOygqlRtQgKUXMfnSjhIBL7LnReAVBEd7ZmKtyN2qmSasMl4HZpMhVe2rPWVVwBDl6iyNE/Kok6E6v6V3vCLGsOpQAuuNVye/3QxzIldzG/jQAdWZiyXReRVapOhZtLjGfywCvlWq7Sl/e3sbc0vWybSDI2QID
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4068
                                                                                                                                                                                          Entropy (8bit):5.518360534084392
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:044319BA6ED33ECF862090DFB9456C61
                                                                                                                                                                                          SHA1:17D52B0BDAF1F1D60694FC98ABA78551DBB2FFA1
                                                                                                                                                                                          SHA-256:5E2E91E2F4BFE4A817D199E3D985BDBCB6516623A6D749605FCD756BD38C8BF5
                                                                                                                                                                                          SHA-512:E8287492435DEDA0799DF25575346E077B24943961902721F674B0BC44E4FC5ADF555AB6D1DA4EFC742BBA424AF24C88C53A4DD4DDD9233A4581A3773A37D32D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"extensions":{"settings":{"mhjfbmdgcfjbbpaeojofohoefgiehjai":{"active_permissions":{"api":["contentSettings","fileSystem","fileSystem.write","metricsPrivate","tabs","resourcesPrivate","pdfViewerPrivate"],"explicit_host":["chrome://resources/*","chrome://webui-test/*"],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13354191360938141","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13354191360938141","location":5,"manifest":{"content_security_policy":"script-src 'self' 'wasm-eval' blob: filesystem: chrome://resources chrome://webui-test; object-src * blob: externalfile: file: filesystem: data:","description":"","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN6hM0rsDYGbzQPQfOygqlRtQgKUXMfnSjhIBL7LnReAVBEd7ZmKtyN2qmSasMl4HZpMhVe2rPWVVwBDl6iyNE/Kok6E6v6V3vCLGsOpQAuuNVye/3QxzIldzG/jQAdWZiyXReRVapOhZtLjGfywCvlWq7Sl/e3sbc0vWybSDI2QID
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):3048
                                                                                                                                                                                          Entropy (8bit):4.109257765435939
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:87EDEBDFE7DBD859D5A78579FAFD5259
                                                                                                                                                                                          SHA1:9218852550E723606180B85EE2868315931C735D
                                                                                                                                                                                          SHA-256:813E60F2CFFC07E02276954BE1F4CE386E93B53D6724BEF488D6AC9E819929A1
                                                                                                                                                                                          SHA-512:32F7406C0DB259CFBED19C80AE8454EAED07391C6CC633139E880B9FA441F0F52C03329DD0EC789A9546F4EA8E52A7759DA2561EA5CC61D5BA60FA8F2891B40B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):24
                                                                                                                                                                                          Entropy (8bit):2.1431558784658327
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                          SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                          SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                          SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:0\r..m..................
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):48
                                                                                                                                                                                          Entropy (8bit):2.9972243200613975
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:5E1CA127A4D43FEEB1F774C32CC71FAA
                                                                                                                                                                                          SHA1:269C4B1C7D4F0480049EF462B4D98A392613ED2E
                                                                                                                                                                                          SHA-256:C510BA44B350C8995F76C424BA383FF71FCA2482D920A80FB5C337F06BC8EC42
                                                                                                                                                                                          SHA-512:F1CF4314B7BB890E1F24645AE7C483202B0D69231AEB0FDFEE0BBEB1B35398BB62CC4225E6FD3C03A43CE69979957873BC42D42804CECA01EA0D99B5EF94482F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:(...4..Ooy retne........................[...q/.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):48
                                                                                                                                                                                          Entropy (8bit):2.9972243200613975
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:5E1CA127A4D43FEEB1F774C32CC71FAA
                                                                                                                                                                                          SHA1:269C4B1C7D4F0480049EF462B4D98A392613ED2E
                                                                                                                                                                                          SHA-256:C510BA44B350C8995F76C424BA383FF71FCA2482D920A80FB5C337F06BC8EC42
                                                                                                                                                                                          SHA-512:F1CF4314B7BB890E1F24645AE7C483202B0D69231AEB0FDFEE0BBEB1B35398BB62CC4225E6FD3C03A43CE69979957873BC42D42804CECA01EA0D99B5EF94482F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:(...4..Ooy retne........................[...q/.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 11, cookie 0x8, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):45056
                                                                                                                                                                                          Entropy (8bit):0.40813221339801603
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:7C86C0A51A889FEF2886135262FBB1ED
                                                                                                                                                                                          SHA1:C19182B0AE7F8CDDCC5F835EB01C93C4B5A7BE8E
                                                                                                                                                                                          SHA-256:E8E1A6894109AF2955E1C6DE54921452C926058576CEF56AE654A357404FCBD9
                                                                                                                                                                                          SHA-512:0A9580D95CFF5F6E9C16651331BBA41FD7CAB2AAAE027B69498763F25CF6DF91E0E527A2735566A92D63C63CE62E2069B1760C241A11C07F904C84071121F352
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                          Entropy (8bit):0.44194574462308833
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                          SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                          SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                          SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):40
                                                                                                                                                                                          Entropy (8bit):3.473726825238924
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:148079685E25097536785F4536AF014B
                                                                                                                                                                                          SHA1:C5FF5B1B69487A9DD4D244D11BBAFA91708C1A41
                                                                                                                                                                                          SHA-256:F096BC366A931FBA656BDCD77B24AF15A5F29FC53281A727C79F82C608ECFAB8
                                                                                                                                                                                          SHA-512:C2556034EA51ABFBC172EB62FF11F5AC45C317F84F39D4B9E3DDBD0190DA6EF7FA03FE63631B97AB806430442974A07F8E81B5F7DC52D9F2FCDC669ADCA8D91F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.On.!................database_metadata.1
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):291
                                                                                                                                                                                          Entropy (8bit):5.084838913950598
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:B57F17FA7B6F6475E27EC11299361B40
                                                                                                                                                                                          SHA1:18FC315287FF9F61A60866A122208E2780F9F5B5
                                                                                                                                                                                          SHA-256:EFB53E701B9ED50857257E03F6DB19B88B8EA9E44D499064E41A92A85D84E1C4
                                                                                                                                                                                          SHA-512:0260368A9EBDA3B39F7C76CC232839A2826B19A29C6A5A572B3AAB318B428E1048F8E04411EE4B90247C66F48C41CD615919D8F249A4A6E3039A59B335831737
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:2024/03/06-10:36:00.890 1f0c Creating DB C:\Users\user\AppData\Local\FAST!\User Data\Default\Site Characteristics Database since it was missing..2024/03/06-10:36:03.494 1f0c Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Site Characteristics Database/MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:modified
                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):46
                                                                                                                                                                                          Entropy (8bit):4.019797536844534
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:90881C9C26F29FCA29815A08BA858544
                                                                                                                                                                                          SHA1:06FEE974987B91D82C2839A4BB12991FA99E1BDD
                                                                                                                                                                                          SHA-256:A2CA52E34B6138624AC2DD20349CDE28482143B837DB40A7F0FBDA023077C26A
                                                                                                                                                                                          SHA-512:15F7F8197B4FC46C4C5C2570FB1F6DD73CB125F9EE53DFA67F5A0D944543C5347BDAB5CCE95E91DD6C948C9023E23C7F9D76CFF990E623178C92F8D49150A625
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:...n'................_mts_schema_descriptor...
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):267
                                                                                                                                                                                          Entropy (8bit):5.235262959706471
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:44097EDC7E0A18E85687B0F3FBF47C94
                                                                                                                                                                                          SHA1:AC5CE83905F95022E38C497033A49242313143BA
                                                                                                                                                                                          SHA-256:4F655E27CC57872794466B2A3BEA69C2387764FDC6F945020A9DD6B6611DB849
                                                                                                                                                                                          SHA-512:374C9E66C631BDEFA126D09C953F15481F206A46E08CC6938C671C431ACDB6B58AC2D2D4536D8B0D11FC9B1F3911DDACD7675B0B32DF74AC7F6FD45D20D8FA7B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:2024/03/06-10:36:00.891 1494 Creating DB C:\Users\user\AppData\Local\FAST!\User Data\Default\Sync Data\LevelDB since it was missing..2024/03/06-10:36:03.775 1494 Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                          Entropy (8bit):0.375597039055199
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:8C7D45D642EABC72A37E8C4D1ABAD65E
                                                                                                                                                                                          SHA1:BFFA29FD9A30F53336F987FEC4CDF0788ABE20C1
                                                                                                                                                                                          SHA-256:270E8A34810ED611D970F37CF72528AAF45456718F50D4077889637374685A84
                                                                                                                                                                                          SHA-512:28C2BF727A15D11DBEC3C54CF1A7CCAF1ED59C4DC52914D73DF93E5F496C267922AA866B99F06BA295EC7C75084EA6632C0E2C2CDB0474281559EC152A670407
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):131072
                                                                                                                                                                                          Entropy (8bit):0.004502568094804893
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:4C3686BECC74EDF25481D0FF422D8D35
                                                                                                                                                                                          SHA1:E9C0DA58D5526B9D98258C08AE2F3A82D5A57C90
                                                                                                                                                                                          SHA-256:8F704B1765A67D4E27E8F922CC347649D4BD8B33606E2A99390325E467A61362
                                                                                                                                                                                          SHA-512:7602009AB0E2739F47E9A51A8ADDA01DB28730A3D2832AB9AC7954E8DD598D18C15ADB790275F69C581201ECBA817B6520CC499B7AAF3E3B28A71993EA947761
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:MS Windows icon resource - 9 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):28134
                                                                                                                                                                                          Entropy (8bit):4.6192880827651255
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:7649A1AD4DAB9AF22FB0DC10A3387AC3
                                                                                                                                                                                          SHA1:80505EB7619536E8AA806AE38A82F26671FF4E16
                                                                                                                                                                                          SHA-256:4BB154D3011F21F0032B2657AD61C49A0954C26AB5BAEF20469D986681A8FF50
                                                                                                                                                                                          SHA-512:6432268B7A2431F385E2465FA9E4F9DFC81F3F912521BC498158EA6C5DE4746EF46E1CB766D63B6930BC7FBD2F90B71193A0A1C205FE5BB81EC8DC4C4C26EB96
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                          Entropy (8bit):3.875
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:C8EB2C4BEC8226D567DBE9DFB508DA7C
                                                                                                                                                                                          SHA1:B4089FB427D35068F8824AC78867FFAACA200DBE
                                                                                                                                                                                          SHA-256:768E68A4AD1333A64352F7199CBB54C5F797E70E4ACCDB86829EB98272603A23
                                                                                                                                                                                          SHA-512:5CBFE5915112A6DD803A63F42A34643A524FF7F3E7D8299636BA25F83228B7CECCDCADE9B82D0E2E5D9A96A401B857DE2B25F2468D8C418F577764F3BD02D688
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:...b......Yt=W..
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 55, cookie 0x22, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):112640
                                                                                                                                                                                          Entropy (8bit):1.1266112260624017
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:D846BF06CD5E229B4338D1D83CA37963
                                                                                                                                                                                          SHA1:96037D204EB1C14D8463C6BC7477F14D71B74A90
                                                                                                                                                                                          SHA-256:C4DC1E9ACD49A02AEB12E7777104D218321230E6FD6E3DE60504490369CE4006
                                                                                                                                                                                          SHA-512:59899AB9E776A8CDA8856C012F3048E095CF8A491FF44FF91C4EDA1D2797CFFED2BD0B0061574F1C8508F9D39AB2F3806DACC3F3EF88CD4FE4B9FE7645D8070A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):40960
                                                                                                                                                                                          Entropy (8bit):0.41235120905181716
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                                                                                                                                          SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                                                                                                                                          SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                                                                                                                                          SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4165
                                                                                                                                                                                          Entropy (8bit):4.91390599696784
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:C4040A7675EFDC413BD17C6467F363A1
                                                                                                                                                                                          SHA1:7B4CC985F397E32DBDFCCAAA527F0D5BD059160A
                                                                                                                                                                                          SHA-256:C1DF076BD40B359052BF431E37CD7841DE46AA8E27D24507DA3ABF47E87668CE
                                                                                                                                                                                          SHA-512:655584D0A0B0E09B923BF52FB0DC22FABBB66236C32029320CD1215F4423B11C98B832B259DF4B4DD36CCD4C88F330FD43CD24FC638485F4EDB11B111D128645
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"account_tracker_service_last_update":"13354191363885213","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13354191360935305","apps":{"shortcuts_arch":"","shortcuts_version":0},"autocomplete":{"retention_policy_last_version":119},"browser":{"has_seen_welcome_page":false},"countryid_at_install":17224,"dips_timer_last_update":"13354191367143967","domain_diversity":{"last_reporting_timestamp":"13354191363822786"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"119.0.6045.105"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"google":{"services":{"consented_to_sync":false,"signin_scoped_device_id":"d1999d0e-075f-4ac5-8c19-d53950aa44e3"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{}}},"media":{"engagement":{"schema_version":5}},"media_router":{"receiver_id_hash_token":"zbHBBzMUZwopCPBM+XSz6qqDw20Vr9ZVCozCCcB7kYwX8pGvOS7S3IcoIDiDvCUgPWe/Seyl+Ynemt9AThtRVg=="},"ntp":{"num_
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):3844
                                                                                                                                                                                          Entropy (8bit):4.899677892735912
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:670440695F1F805BE6CABDE16F4CEE59
                                                                                                                                                                                          SHA1:92ACF421500273D42A2B397036DF73083F8B0F8C
                                                                                                                                                                                          SHA-256:BAE2AE0FF3873E4D7FD20660EDEF0848AA3FED1D010D4D3E369712F456F8435E
                                                                                                                                                                                          SHA-512:4391C37EB01D2C9C223DB6C2CF4B73F1B98F69B81607D062B0244C20B45914C7459F2A6B5D1154C209861BF787B7CD21A04C5471D43412D5B4C111CA49C5A880
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"account_tracker_service_last_update":"13354191363885213","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13354191360935305","apps":{"shortcuts_arch":"","shortcuts_version":0},"browser":{"has_seen_welcome_page":false},"countryid_at_install":17224,"dips_timer_last_update":"13354191367143967","domain_diversity":{"last_reporting_timestamp":"13354191363822786"},"extensions":{"alerts":{"initialized":true},"chrome_url_overrides":{},"last_chrome_version":"119.0.6045.105"},"gcm":{"product_category_for_subtypes":"com.nwjs.windows"},"google":{"services":{"consented_to_sync":false,"signin_scoped_device_id":"d1999d0e-075f-4ac5-8c19-d53950aa44e3"}},"invalidation":{"per_sender_topics_to_handler":{"1013309121859":{}}},"media":{"engagement":{"schema_version":5}},"media_router":{"receiver_id_hash_token":"zbHBBzMUZwopCPBM+XSz6qqDw20Vr9ZVCozCCcB7kYwX8pGvOS7S3IcoIDiDvCUgPWe/Seyl+Ynemt9AThtRVg=="},"ntp":{"num_personal_suggestions":1},"optimization_guide":{"previ
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):151668
                                                                                                                                                                                          Entropy (8bit):1.0550957398929903
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:728FE78292F104659FEA5FC90570CC75
                                                                                                                                                                                          SHA1:11B623F76F31EC773B79CDB74869ACB08C4052CB
                                                                                                                                                                                          SHA-256:D98E226BEA7A9C56BFDFAB3C484A8E6A0FB173519C43216D3A1115415B166D20
                                                                                                                                                                                          SHA-512:91E81B91B29D613FDDE24B010B1724BE74F3BAE1D2FB4FAA2C015178248ED6A0405E2B222F4A557A6B895663C159F0BF0DC6D64D21259299E36F53D95D7067AA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):28672
                                                                                                                                                                                          Entropy (8bit):0.3410017321959524
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                          SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                          SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                          SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4068
                                                                                                                                                                                          Entropy (8bit):5.518360534084392
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:044319BA6ED33ECF862090DFB9456C61
                                                                                                                                                                                          SHA1:17D52B0BDAF1F1D60694FC98ABA78551DBB2FFA1
                                                                                                                                                                                          SHA-256:5E2E91E2F4BFE4A817D199E3D985BDBCB6516623A6D749605FCD756BD38C8BF5
                                                                                                                                                                                          SHA-512:E8287492435DEDA0799DF25575346E077B24943961902721F674B0BC44E4FC5ADF555AB6D1DA4EFC742BBA424AF24C88C53A4DD4DDD9233A4581A3773A37D32D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"extensions":{"settings":{"mhjfbmdgcfjbbpaeojofohoefgiehjai":{"active_permissions":{"api":["contentSettings","fileSystem","fileSystem.write","metricsPrivate","tabs","resourcesPrivate","pdfViewerPrivate"],"explicit_host":["chrome://resources/*","chrome://webui-test/*"],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13354191360938141","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13354191360938141","location":5,"manifest":{"content_security_policy":"script-src 'self' 'wasm-eval' blob: filesystem: chrome://resources chrome://webui-test; object-src * blob: externalfile: file: filesystem: data:","description":"","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN6hM0rsDYGbzQPQfOygqlRtQgKUXMfnSjhIBL7LnReAVBEd7ZmKtyN2qmSasMl4HZpMhVe2rPWVVwBDl6iyNE/Kok6E6v6V3vCLGsOpQAuuNVye/3QxzIldzG/jQAdWZiyXReRVapOhZtLjGfywCvlWq7Sl/e3sbc0vWybSDI2QID
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4107
                                                                                                                                                                                          Entropy (8bit):5.516476412942369
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:0E015A1E142FF95C84E41F8D45791E23
                                                                                                                                                                                          SHA1:384BBE1EF760B01D482C070BEE1355A6E3DC6FE0
                                                                                                                                                                                          SHA-256:364C9923078A3CCB7BB434784023402449EE40E07F90156454B64656F3FF11AF
                                                                                                                                                                                          SHA-512:85E2ACE2B4BBE217391F512D0C13F502C80111238F4DC9F1CECAE5D0652A7A1C9B8AF9439421D67D17013D4DFB48EA816097BC733499E1C37C939BD55406DD88
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"extensions":{"settings":{"mhjfbmdgcfjbbpaeojofohoefgiehjai":{"active_permissions":{"api":["contentSettings","fileSystem","fileSystem.write","metricsPrivate","tabs","resourcesPrivate","pdfViewerPrivate"],"explicit_host":["chrome://resources/*","chrome://webui-test/*"],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13354191360938141","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13354191360938141","location":5,"manifest":{"content_security_policy":"script-src 'self' 'wasm-eval' blob: filesystem: chrome://resources chrome://webui-test; object-src * blob: externalfile: file: filesystem: data:","description":"","incognito":"split","key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDN6hM0rsDYGbzQPQfOygqlRtQgKUXMfnSjhIBL7LnReAVBEd7ZmKtyN2qmSasMl4HZpMhVe2rPWVVwBDl6iyNE/Kok6E6v6V3vCLGsOpQAuuNVye/3QxzIldzG/jQAdWZiyXReRVapOhZtLjGfywCvlWq7Sl/e3sbc0vWybSDI2QID
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                                          Entropy (8bit):0.35226517389931394
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                                                                                                                                                                                          SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                                                                                                                                                                                          SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                                                                                                                                                                                          SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:modified
                                                                                                                                                                                          Size (bytes):5681
                                                                                                                                                                                          Entropy (8bit):6.54169894753027
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:BA2301A39AC4B00F6137BD1640F58DC9
                                                                                                                                                                                          SHA1:5279AEE5674A319F183D5A1AD2374F74E6769379
                                                                                                                                                                                          SHA-256:A416641E90C3C52D5B24D029711AA0F1DB73166D5964C0D3A8D1CD4F2D0BF3CF
                                                                                                                                                                                          SHA-512:11FD0FE608A2908921E9CFB370FBDA1542D5E6CCBA70D0A0B74D4C9FB5290AF6D880E020484D54BBF3026B6D963A551713B59CC5C74CD83D3DF98D371E4EA5F9
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:A..r.................20_1_1...1.,U.................20_1_1...1.f.G.................37_DEFAULT_16v...h.... .(.0.R*.(....Session.TotalDuration.T<.A..GO .(.0.../.'.%....?..ChromeLowUserEngagement..Other...... .(....10..[l.................37_DEFAULT_21........... .(.0.RZ.X...CCommerce.PriceDrops.ActiveTabNavigationComplete.IsProductDetailPage.w.cG$.. .(.0.8.R9.7...$Autofill_PolledCreditCardSuggestions...c..vP. .(.0...$........?..ShoppingUser..Other...... .(....10../.^.................37_DEFAULT_23........... .(.0.RH.F...1Omnibox.SuggestionUsed.ClientSummarizedResultType.q/.v.g:` .(.0.8.h...8.0........?..Low......@..Medium......A..High..None...... .(....10..>\..................37_DEFAULT_27........... .(.0.R=.;...."%..wait_for_device_info_in_seconds..60*.SyncDeviceInfoh.p...t.r.p....AndroidPhone..IosPhoneChrome..AndroidTablet..IosTablet..Desktop..Other..SyncedAndFirstDevice..NotSynced....= .(....10.gc..6................37_DEFAULT_1001............ .(.0.R+.)....Sync.DeviceCount2..|u3.. .(
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):261
                                                                                                                                                                                          Entropy (8bit):5.24954452687743
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:6488CEC23DAE5FC1D91D09D7183AAEBA
                                                                                                                                                                                          SHA1:4264E2A75BCBED5D74A3C5F85D234DBF72970835
                                                                                                                                                                                          SHA-256:6DAD49573FEBF009FE2203A0D52471A586CA8AD1A42D772A359FCAB4DC91627F
                                                                                                                                                                                          SHA-512:A6750613D3AA2E928BF0EFA5E86DE9638E2678BB44289B55C29083ED6481343A9CCEC7930DF44396E1F537A4A7C27BF3D77ED2F2107427B4CB317BD3FE134C23
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:2024/03/06-10:36:03.866 a24 Creating DB C:\Users\user\AppData\Local\FAST!\User Data\Default\shared_proto_db since it was missing..2024/03/06-10:36:04.055 a24 Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\shared_proto_db/MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):932
                                                                                                                                                                                          Entropy (8bit):3.952762007068469
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:15C71B1982B9FAA928BE5D4FF4DBA774
                                                                                                                                                                                          SHA1:BE81EB04DED0DEDA0C4956AB1A65DD88E90D9784
                                                                                                                                                                                          SHA-256:5273141F6F727B461E9462424685320137B66C5683643FF9E014DDEBE515FAE0
                                                                                                                                                                                          SHA-512:2608BC4DBA64F5613BF45DF8759A8E9DC0970107D508B61122115B9F983620F60A73F521535918FE9DE8BD55CB5C49E5D5377497098A4380431936AADBA1DC04
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16
                                                                                                                                                                                          Entropy (8bit):3.2743974703476995
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):279
                                                                                                                                                                                          Entropy (8bit):5.209015311715928
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:7BBCFE22B93552F48EBDA3BE1B49C386
                                                                                                                                                                                          SHA1:1BB049767C7459B658EFBE893154D361ABDEB185
                                                                                                                                                                                          SHA-256:8E727579852E9F1AF0108FD533615C573F30584689E88E079958DAB5F723354D
                                                                                                                                                                                          SHA-512:4EDBA90F29A13BB3D0DC5A5C943786627C145EA5BF728F219494636BA4E73650D60F2408E94FD60E1C29ECFB128F4F295FA9342D574217C03508321D68193F4B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:2024/03/06-10:36:03.823 a24 Creating DB C:\Users\user\AppData\Local\FAST!\User Data\Default\shared_proto_db\metadata since it was missing..2024/03/06-10:36:03.854 a24 Reusing MANIFEST C:\Users\user\AppData\Local\FAST!\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:OpenPGP Secret Key
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):41
                                                                                                                                                                                          Entropy (8bit):4.704993772857998
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                                          Entropy (8bit):0.01057775872642915
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                                          Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                                          Entropy (8bit):0.011852361981932763
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                                          Entropy (8bit):0.012340643231932763
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):262512
                                                                                                                                                                                          Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:179B16D5F9A0F889514024B3808959D2
                                                                                                                                                                                          SHA1:5BB6BBED8C4988A380C91D81E7C236E0FDB05BFC
                                                                                                                                                                                          SHA-256:BD6025A50B02EEF2DCF4F61E6C23246B488108973A8E9184AFD96E41A847058E
                                                                                                                                                                                          SHA-512:CD37A8E0927FD2B1A6E67AE4BD29BD2A087BFC244DDE3C4BFF3FFD81AD70340BF50998CF562BF9078FEDC498B8A5B581FE70A32AECD8E54ADB2B561A10DA395B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                                          Entropy (8bit):0.01057775872642915
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                                          Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                                          Entropy (8bit):0.011852361981932763
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                                          Entropy (8bit):0.012340643231932763
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):262512
                                                                                                                                                                                          Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:6BDBC3146735AD0CE0C00C4BDB31C254
                                                                                                                                                                                          SHA1:A23D782BEE7FE68934B40454652F9027F9523D2E
                                                                                                                                                                                          SHA-256:34D3B2FAC02C12C2077862585DEED960ACA821AE3EE6A852DED5EA6E8382DBE7
                                                                                                                                                                                          SHA-512:6F65A22E29BAF899557A550C93046E7CFF5210D6D22F64111F80C59DA87FDC3E7DBC1FD64043EE8C2345B05DB1593BBC174E0AD99AC53199CB82BB29E8FF46C3
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):80
                                                                                                                                                                                          Entropy (8bit):3.267091859889593
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:A53422B82D0B8F8E25E193BF62452674
                                                                                                                                                                                          SHA1:66D47426A865A6F2E2D1BBEA6A9832C0872EF17F
                                                                                                                                                                                          SHA-256:3687983DC312C0426D92B2094540DA529249D5B8C23E7A25154BF42EFED754AD
                                                                                                                                                                                          SHA-512:2C9B0A9AD46930DB253476CD363A0633752C7DED10970A2985C681B019E1F6FE764755D6F1A904FB7820A959C39B9B4B0E0632FA1CE839E930FA144197096AC8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.F.a.s.t.!.\.n.w.j.s.\.n.w...e.x.e.
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):14
                                                                                                                                                                                          Entropy (8bit):2.6455933144511468
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:7FBACBA300F2A4D7D19A510D7DA4CF3F
                                                                                                                                                                                          SHA1:82A371D323A11C7195567F77036214AC315BC2C4
                                                                                                                                                                                          SHA-256:685029F648BEBC43B71E8DF8944A7BFDBAAF4F6535BC08BD791650339663E214
                                                                                                                                                                                          SHA-512:2FD2ECAA4CD537925636D05EA53CE52030AD2ABC61F99913A8E4D64FE377E8177C291ED92E572CB94B44CCFCF96022528A7F55B1BB01A6F0C3F6285EA6BAB1A0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:119.0.6045.105
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):866
                                                                                                                                                                                          Entropy (8bit):5.692462672816023
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:C3E6F38C88677C5ED6F2309E06E55D00
                                                                                                                                                                                          SHA1:6066CFE4A70E16FC869B0FEB3619ADBD70A7DE0D
                                                                                                                                                                                          SHA-256:64BB21B995C7D26036B02A281280C8D3D8C9638A919F02215EBBA6CE91B84AEC
                                                                                                                                                                                          SHA-512:4DF9DF9DAB2362A7A278CE37C76BA2C7330953AD94460CF0B4393FB03EF26EB509FC30D57DA18E1A630EF87C6BA3298B67767E9BEDA425C756BB79C5CEE8875A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAAAJYRA9pLwDT7iDNtlqbB1yEAAAAAoAAABuAHcAagBzAAAAEGYAAAABAAAgAAAAWi14sVgplo+TelYnRkbNAN8yOAFbbz/fgimu9kXZN1IAAAAADoAAAAACAAAgAAAAn+91OdxI3/8f7JZTBrGrWYkIf5X0ZydnJPJD1EVr6PcwAAAAK8ui2Y77wfrzYQHNh15Uw4894M8ZdvLW01znjg0xumv12eTP68qTYLK2q7HjfWdEQAAAAPCOlmvykw7At/2fPRUfEamWqj78b207cPfjiDkNTnFS5r/wuqpHZmlSX9qpw5+d5GMsjppcWVwkwQXc1Ei8CUE="},"profile":{"info_cache":{},"profile_counts_reported":"13354191360641963","profiles_order":[]},"uninstall_metrics":{"installation_date2":"1709717760"},"user_experience_metrics":{"low_entropy_source3":20,"pseudo_low_entropy_source":5416,"stability":{"browser_last_live_timestamp":"13354191360561163","stats_buildtime":"1683435600","stats_version":"119.0.6045.105-64-devel","system_crash_count":0}}}
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                                          Entropy (8bit):0.01057775872642915
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                          SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                          SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                          SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):270336
                                                                                                                                                                                          Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                          SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                          SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                          SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                                          Entropy (8bit):0.011852361981932763
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                          SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                          SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                          SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8192
                                                                                                                                                                                          Entropy (8bit):0.012340643231932763
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                          SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                          SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                          SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):262512
                                                                                                                                                                                          Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          MD5:FDA7250ABD63286F9DA248FDE35DA58D
                                                                                                                                                                                          SHA1:7901C2581496656001588AEC01C7AA4B19D55C26
                                                                                                                                                                                          SHA-256:D837AB04D6EE74857CED25F0FF36D22BFF82C626DD0CCAFCACFE81637D79841D
                                                                                                                                                                                          SHA-512:440DAB09DAA66187CB9A297DE4C538DCE9AE4374DCAF09074B93F35C44ABD70CEDAD028136A2AEA1069EF4D62EEE5530B938E92C60B735B12F6F98C4BA6E8B74
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):86
                                                                                                                                                                                          Entropy (8bit):4.3751917412896075
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          MD5:961E3604F228B0D10541EBF921500C86
                                                                                                                                                                                          SHA1:6E00570D9F78D9CFEBE67D4DA5EFE546543949A7
                                                                                                                                                                                          SHA-256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
                                                                                                                                                                                          SHA-512:535F930AFD2EF50282715C7E48859CC2D7B354FF4E6C156B94D5A2815F589B33189FFEDFCAF4456525283E993087F9F560D84CFCF497D189AB8101510A09C472
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":0}
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 7, cookie 0x6, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):28672
                                                                                                                                                                                          Entropy (8bit):0.35721947592478775
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          MD5:CF7B71E1F446640439290AAD6A36394F
                                                                                                                                                                                          SHA1:3B9BFB524A8A82980E72DF39872AE77363CC9F85
                                                                                                                                                                                          SHA-256:3B8B5249AF39D78D22B02D9E0E4DC26266086BBB77CAADBF28F1E38E8944691D
                                                                                                                                                                                          SHA-512:C1707F678A11F0E3DED6D0634506554AC3E19D82A839991E1EDEE41BC70A0A6164F4AF4DE325B18E2BCB22C6C0CE21F62B6497FC54FCEBF0409FBF986519B84E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          File Type:PNG image data, 234 x 72, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                          Category:modified
                                                                                                                                                                                          Size (bytes):766433
                                                                                                                                                                                          Entropy (8bit):7.998144724333749
                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                          MD5:5782F710924DB80F936025C2A2D4101D
                                                                                                                                                                                          SHA1:5107C362330D4DD0B2048A0ED55C11F465E528B0
                                                                                                                                                                                          SHA-256:A2F504B8484B529F096229E2109D6623CBC280C0861918C10C46A1C6D39FEE49
                                                                                                                                                                                          SHA-512:C172DA096780DD52A4546519AAB6B63C5704524FEDB02E12CC9BE9EDB705553E72DECDDF772CB36F827F58805A65A3425F9279481A288A56C8BA96BDDA793780
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files (x86)\Fast!\fast!.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:modified
                                                                                                                                                                                          Size (bytes):25600000
                                                                                                                                                                                          Entropy (8bit):0.022346260236084957
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          MD5:44FB8F21B6795D6CF2F1F5A5484920DF
                                                                                                                                                                                          SHA1:2E319197D4658E4DF3AAA447C02CDA27637A9AC4
                                                                                                                                                                                          SHA-256:BAC18353056434C0E46E6AB842551AAD43A8DFE03C060167F3D02CBD46825046
                                                                                                                                                                                          SHA-512:07A7C97F3D03AD1F418EE31F7D6A3F4D474FCDCF250387433B779A41F042783810276CDADF0542670049E13659A05544F60DED4982C89F0DF25B967423D61FEF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4096
                                                                                                                                                                                          Entropy (8bit):3.679447058913102
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          MD5:A1B9BDEE9FC87D11676605BD79037646
                                                                                                                                                                                          SHA1:8D6879F63048EB93B9657D0B78F534869D1FFF64
                                                                                                                                                                                          SHA-256:39E3108E0A4CCFB9FE4D8CAF4FB40BAA39BDD797F3A4C1FA886086226E00F465
                                                                                                                                                                                          SHA-512:CD65D18ECA885807C7C810286CEBEF75555D13889A4847BB30DC1A08D8948893899CC411728097641A8C07A8DCC59E1C1EFA0E860E93DADA871D5B7ACC61B1E5
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                          Entropy (8bit):5.814115788739565
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                                                                                          SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                                                                                          SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                                                                                          SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):39424
                                                                                                                                                                                          Entropy (8bit):4.684597989866362
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:A35CDC9CF1D17216C0AB8C5282488EAD
                                                                                                                                                                                          SHA1:ED8E8091A924343AD8791D85E2733C14839F0D36
                                                                                                                                                                                          SHA-256:A793929232AFB78B1C5B2F45D82094098BCF01523159FAD1032147D8D5F9C4DF
                                                                                                                                                                                          SHA-512:0F15B00D0BF2AABD194302E599D69962147B4B3EF99E5A5F8D5797A7A56FD75DD9DB0A667CFBA9C758E6F0DAB9CED126A9B43948935FE37FC31D96278A842BDF
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                          File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):26494
                                                                                                                                                                                          Entropy (8bit):1.9568109962493656
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                                                                                                                                                          SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                                                                                                                                                          SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                                                                                                                                                          SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9728
                                                                                                                                                                                          Entropy (8bit):5.158136237602734
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:6C3F8C94D0727894D706940A8A980543
                                                                                                                                                                                          SHA1:0D1BCAD901BE377F38D579AAFC0C41C0EF8DCEFD
                                                                                                                                                                                          SHA-256:56B96ADD1978B1ABBA286F7F8982B0EFBE007D4A48B3DED6A4D408E01D753FE2
                                                                                                                                                                                          SHA-512:2094F0E4BB7C806A5FF27F83A1D572A5512D979EEFDA3345BAFF27D2C89E828F68466D08C3CA250DA11B01FC0407A21743037C25E94FBE688566DD7DEAEBD355
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):24064
                                                                                                                                                                                          Entropy (8bit):5.819708895488079
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:F4D89D9A2A3E2F164AEA3E93864905C9
                                                                                                                                                                                          SHA1:4D4E05EE5E4E77A0631A3DD064C171BA2E227D4A
                                                                                                                                                                                          SHA-256:64B3EFDF3DE54E338D4DB96B549A7BDB7237BB88A82A0A63AEF570327A78A6FB
                                                                                                                                                                                          SHA-512:DBDA3FE7CA22C23D2D0F2A5D9D415A96112E2965081582C7A42C139A55C5D861A27F0BD919504DE4F82C59CF7D1B97F95ED5A55E87D574635AFDB7EB2D8CADF2
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1110016
                                                                                                                                                                                          Entropy (8bit):6.62382554711905
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:7B89329C6D8693FB2F6A4330100490A0
                                                                                                                                                                                          SHA1:851B605CDC1C390C4244DB56659B6B9AA8ABD22C
                                                                                                                                                                                          SHA-256:1620CDF739F459D1D83411F93648F29DCF947A910CC761E85AC79A69639D127D
                                                                                                                                                                                          SHA-512:AC07972987EE610A677EA049A8EC521A720F7352D8B93411A95FD4B35EC29BFD1D6CCF55B48F32CC84C3DCEEF05855F723A88708EB4CF23CAEC77E7F6596786A
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 4%
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                          Entropy (8bit):5.814115788739565
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:CFF85C549D536F651D4FB8387F1976F2
                                                                                                                                                                                          SHA1:D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E
                                                                                                                                                                                          SHA-256:8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8
                                                                                                                                                                                          SHA-512:531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):39424
                                                                                                                                                                                          Entropy (8bit):4.684597989866362
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:A35CDC9CF1D17216C0AB8C5282488EAD
                                                                                                                                                                                          SHA1:ED8E8091A924343AD8791D85E2733C14839F0D36
                                                                                                                                                                                          SHA-256:A793929232AFB78B1C5B2F45D82094098BCF01523159FAD1032147D8D5F9C4DF
                                                                                                                                                                                          SHA-512:0F15B00D0BF2AABD194302E599D69962147B4B3EF99E5A5F8D5797A7A56FD75DD9DB0A667CFBA9C758E6F0DAB9CED126A9B43948935FE37FC31D96278A842BDF
                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):7168
                                                                                                                                                                                          Entropy (8bit):5.298362543684714
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:675C4948E1EFC929EDCABFE67148EDDD
                                                                                                                                                                                          SHA1:F5BDD2C4329ED2732ECFE3423C3CC482606EB28E
                                                                                                                                                                                          SHA-256:1076CA39C449ED1A968021B76EF31F22A5692DFAFEEA29460E8D970A63C59906
                                                                                                                                                                                          SHA-512:61737021F86F54279D0A4E35DB0D0808E9A55D89784A31D597F2E4B65B7BBEEC99AA6C79D65258259130EEDA2E5B2820F4F1247777A3010F2DC53E30C612A683
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Tue Feb 27 08:59:24 2024, mtime=Wed Mar 6 08:35:55 2024, atime=Tue Feb 27 08:59:24 2024, length=769872, window=hide
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1938
                                                                                                                                                                                          Entropy (8bit):3.218570206135194
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:518A1C5A9495B07284ECCFEC9DF3AB47
                                                                                                                                                                                          SHA1:A7A78F19F65DEFDE7C1FFF34E7CAD30A3B0A5421
                                                                                                                                                                                          SHA-256:3F0C37B87301E96CA313A433CB92EB2576DCA0DFA7ED8D279F725DD5FCA7D9C4
                                                                                                                                                                                          SHA-512:B493E6C2604C92F00A6FFED83F43D43666D79287C2616339BB87230BDE816CC9EE176F51A81B9D356BA5941C0B3FDC9F765A8BF3DEA89029B0B1E8815C66CD93
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:L..................F.@.. ....fL.ci..@.6..o...fL.ci..P.......................s....P.O. .:i.....+00.../C:\.....................1.....fX]L..PROGRA~2.........O.IfXiL....................V......!..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....P.1.....fX|L..Fast!.<......fX]LfX|L....D.......................,.F.a.s.t.!.....\.2.P...[XlO .fast!.exe.D......[XlOfXvL..............................f.a.s.t.!...e.x.e.......U...............-.......T............. H.....C:\Program Files (x86)\Fast!\fast!.exe..>.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.F.a.s.t.!.\.f.a.s.t.!...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.F.a.s.t.!.&.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.F.a.s.t.!.\.F.a.s.t.!...e.x.e.........%ProgramFiles%\Fast!\Fast!.exe......................................................................................................................................................................
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Mar 6 08:35:55 2024, mtime=Wed Mar 6 08:35:55 2024, atime=Wed Mar 6 08:35:55 2024, length=478629, window=hide
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1984
                                                                                                                                                                                          Entropy (8bit):3.3425320167737
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:0BE8B0C03288A1540A92A5BF47AD6ABD
                                                                                                                                                                                          SHA1:B4A3C78CB9AF58178D618F9CF612E9A7C5D49CA0
                                                                                                                                                                                          SHA-256:1C956FC07597B5DD74094F4D42481965A4EC1F81C8DDC4F4949FAC7E9B8A8935
                                                                                                                                                                                          SHA-512:7B5CF9779A3F9CEFBD78F4C81B5D8BDF40EDD34B089AFE8B19FF85A71C8AA833147224A4103729BDCEF7AFB78E5352BDE6FA8FD86EC1A37202A2DD09F944FBF2
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:L..................F.@.. ...w.2..o....3..o....3..o...M...........................P.O. .:i.....+00.../C:\.....................1.....fX]L..PROGRA~2.........O.IfXiL....................V......!..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....P.1.....fX|L..Fast!.<......fX]LfX|L....D.......................,.F.a.s.t.!.....l.2..M..fX|L .UNINST~1.EXE..P......fX|LfX|L..........................l.+.u.n.i.n.s.t.a.l.l.e.r...e.x.e.......[...............-.......Z............. H.....C:\Program Files (x86)\Fast!\uninstaller.exe..D.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.F.a.s.t.!.\.u.n.i.n.s.t.a.l.l.e.r...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.F.a.s.t.!.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.F.a.s.t.!.\.u.n.i.n.s.t.a.l.l.e.r...e.x.e.........%ProgramFiles%\Fast!\uninstaller.exe..................................................................................................................
                                                                                                                                                                                          Process:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Feb 27 08:59:24 2024, mtime=Wed Mar 6 08:35:42 2024, atime=Tue Feb 27 08:59:24 2024, length=769872, window=hide
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1036
                                                                                                                                                                                          Entropy (8bit):4.608059911237208
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:2FAA393E77F76CE6E44706F0D355FEF1
                                                                                                                                                                                          SHA1:F6DD3313A61CC0536429CE7503ACA42ACA444DC2
                                                                                                                                                                                          SHA-256:EFF810D1668DEFF9404ED4638141C43D6729697973FE5ED89869568B6DC9D79E
                                                                                                                                                                                          SHA-512:D670E62BCC9A1FECA599F4B07F5DD666C5DDDDFDBA268245F6D85A14242743B82DAAC31D7F07F1B88A1572DFB360080967DF99FE878B1CAA8F2D8838C99E7111
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:L..................F.... ....fL.ci..d.%..o...fL.ci..P.......................s....P.O. .:i.....+00.../C:\.....................1.....fX]L..PROGRA~2.........O.IfXiL....................V......!..P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....P.1.....fX|L..Fast!.<......fX]LfX|L....D........................F.a.s.t.!.....\.2.P...[XlO .fast!.exe.D......[XlOfXvL..............................f.a.s.t.!...e.x.e.......U...............-.......T............. H.....C:\Program Files (x86)\Fast!\fast!.exe..,.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.F.a.s.t.!.\.f.a.s.t.!...e.x.e...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.F.a.s.t.!.........*................@Z|...K.J.........`.......X.......367706...........hT..CrF.f4... ........,.......hT..CrF.f4... ........,..................1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.2.........9...1SPS..mD..pH.H@..=x.....h
                                                                                                                                                                                          Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          File Type:JSON data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):55
                                                                                                                                                                                          Entropy (8bit):4.306461250274409
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                          SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                          SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                          SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          File Type:ASCII text, with very long lines (1572)
                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                          Size (bytes):5776
                                                                                                                                                                                          Entropy (8bit):5.406333618109174
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:C840A8EFA9639BA51FFFF865A6D5B3ED
                                                                                                                                                                                          SHA1:00C77DA03DDCFA49CC08A7229BA8FA3F9AFCCC38
                                                                                                                                                                                          SHA-256:C3061C3788AD5783EF8A5D10C454BAFE7EB942C48200DCCC852CC6D3C9F303D4
                                                                                                                                                                                          SHA-512:E73A55A7CB4906133D3C85F7F7F5BC1435FB1AE023A565B446B9A628D2540B7501EECC6D6CDC3276871BC418C16DAAE14FF0C84E9A10A691CC40597400ECDEC1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          URL:https://fonts.googleapis.com/css?family=Open%20Sans
                                                                                                                                                                                          Preview:/* cyrillic-ext */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4taVIGxA.woff2) format('woff2');. unicode-range: U+0460-052F, U+1C80-1C88, U+20B4, U+2DE0-2DFF, U+A640-A69F, U+FE2E-FE2F;.}./* cyrillic */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4kaVIGxA.woff2) format('woff2');. unicode-range: U+0301, U+0400-045F, U+0490-0491, U+04B0-04B1, U+2116;.}./* greek-ext */.@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. font-stretch: 100%;. src: url(https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4saVIGxA.woff2) format('woff2');. unicode-range: U+1F00-1FFF;.}./* greek */.@font-fa
                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          File Type:ASCII text, with very long lines (64347)
                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                          Size (bytes):219855
                                                                                                                                                                                          Entropy (8bit):5.455096169333268
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:4358BCFB91CF686E83EE56BFDB956461
                                                                                                                                                                                          SHA1:E9BBDE7E677111E8093C0EB4FE4BCC53FD8867EC
                                                                                                                                                                                          SHA-256:50B6E67CFCFE4AC8FE9CEE705B681F696065306EE42BCD4E6B37A17DBA333AC5
                                                                                                                                                                                          SHA-512:C226D7CB78F8A99D9C96B384412F36C0F4A3D009E8629183F918EF41D7A3B47B3B22CBDFD1B5EAA1F8DA556B0B1C6A04342AF850E5C12242F34C4D59958BDC66
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          URL:https://connect.facebook.net/en_US/fbevents.js
                                                                                                                                                                                          Preview:/**.* Copyright (c) 2017-present, Facebook, Inc. All rights reserved..*.* You are hereby granted a non-exclusive, worldwide, royalty-free license to use,.* copy, modify, and distribute this software in source code or binary form for use.* in connection with the web services and APIs provided by Facebook..*.* As with any software that integrates with the Facebook platform, your use of.* this software is subject to the Facebook Platform Policy.* [http://developers.facebook.com/policy/]. This copyright notice shall be.* included in all copies or substantial portions of the software..*.* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN.* CONNECTION WI
                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):675
                                                                                                                                                                                          Entropy (8bit):7.606800268124855
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:8D1ED092B3BE364DC47574F1310D2C87
                                                                                                                                                                                          SHA1:D5BBA623B5AFB4C5B6C0AD5ED04A10F1881DA595
                                                                                                                                                                                          SHA-256:07B61E98466A1F851D5DCF555AD9B901684EE622275129B98C38DA3785506FF2
                                                                                                                                                                                          SHA-512:70134A9B5B786473A56F11BA7098CA6AF568EEF97AA8704A9748A5EFDFC4F16CEE1F9C22CEA9F55660BE4FEB14D6C1B5B09A7C76076D4F813A58FECF27BB8828
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                          Size (bytes):675
                                                                                                                                                                                          Entropy (8bit):7.606800268124855
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:8D1ED092B3BE364DC47574F1310D2C87
                                                                                                                                                                                          SHA1:D5BBA623B5AFB4C5B6C0AD5ED04A10F1881DA595
                                                                                                                                                                                          SHA-256:07B61E98466A1F851D5DCF555AD9B901684EE622275129B98C38DA3785506FF2
                                                                                                                                                                                          SHA-512:70134A9B5B786473A56F11BA7098CA6AF568EEF97AA8704A9748A5EFDFC4F16CEE1F9C22CEA9F55660BE4FEB14D6C1B5B09A7C76076D4F813A58FECF27BB8828
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          URL:https://repository.pcapp.store/pcapp/images/fast.png
                                                                                                                                                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          File Type:Web Open Font Format (Version 2), TrueType, length 18668, version 1.0
                                                                                                                                                                                          Category:downloaded
                                                                                                                                                                                          Size (bytes):18668
                                                                                                                                                                                          Entropy (8bit):7.988119248989337
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:
                                                                                                                                                                                          MD5:8655D20BBCC8CDBFAB17B6BE6CF55DF3
                                                                                                                                                                                          SHA1:90EDBFA9A7DABB185487B4774076F82EB6412270
                                                                                                                                                                                          SHA-256:E7AF9D60D875EB1C1B1037BBBFDEC41FCB096D0EBCF98A48717AD8B07906CED6
                                                                                                                                                                                          SHA-512:47308DE25BD7E4CA27F59A2AE681BA64393FE4070E730C1F00C4053BAC956A9B4F7C0763C04145BC50A5F91C12A0BF80BDD4B03EECC2036CD56B2DB31494CBAF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          URL:https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                                                                          Entropy (8bit):7.272607365654344
                                                                                                                                                                                          TrID:
                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                          File name:9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                          File size:120'248 bytes
                                                                                                                                                                                          MD5:8b92571e4f2e6ef1aafd903796a9c152
                                                                                                                                                                                          SHA1:f18491b49826dfbfc7760f08fd6d2339d15e0658
                                                                                                                                                                                          SHA256:0172a96a870e24b01533c188b0abc4063ecbcce6c080b88684d8129b67ff31c1
                                                                                                                                                                                          SHA512:2322983ebe02d1a62ff284742dd4d82768e1ffca397d48647ed4b1fb4d2fed2d09753e88e9f4aee23d6ac072d54f3ebc82f8bca3d7c1508b0e8713d9436899d1
                                                                                                                                                                                          SSDEEP:3072:XbG7N2kDTHUpou2e+TRZalZPzy2mGCKhn+dm/j9:XbE/HUp+dZaPryK9n+qj9
                                                                                                                                                                                          TLSH:93C3BE10B7649062F8A3CB3115A566364A7AAC21F5504F0F3FD05A4879EE3F1AF2D3E6
                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j.........
                                                                                                                                                                                          Icon Hash:f9cc995924134d0d
                                                                                                                                                                                          Entrypoint:0x40352d
                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                          Time Stamp:0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC]
                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                          OS Version Major:4
                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                          File Version Major:4
                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                          Subsystem Version Major:4
                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                          Import Hash:56a78d55f3f7af51443e58e0ce2fb5f6
                                                                                                                                                                                          Signature Valid:true
                                                                                                                                                                                          Signature Issuer:CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB
                                                                                                                                                                                          Signature Validation Error:The operation completed successfully
                                                                                                                                                                                          Error Number:0
                                                                                                                                                                                          Not Before, Not After
                                                                                                                                                                                          • 07/03/2023 00:00:00 06/03/2025 23:59:59
                                                                                                                                                                                          Subject Chain
                                                                                                                                                                                          • CN=PC APP STORE ONLINE LTD, O=PC APP STORE ONLINE LTD, S=Lefkosia, C=CY, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CY, SERIALNUMBER=HE 437786
                                                                                                                                                                                          Version:3
                                                                                                                                                                                          Thumbprint MD5:C9665C5BA57D66E7F2CC96E181C6070C
                                                                                                                                                                                          Thumbprint SHA-1:42338B0E4ED281FE782653F3A22E056716196127
                                                                                                                                                                                          Thumbprint SHA-256:5A1ECC64D40D3C775D5BF7C895B8CE67FC39BAB2384777B0027B20BD1CDB7025
                                                                                                                                                                                          Serial:4C9F43A2452108794B4F104512219D72
                                                                                                                                                                                          Instruction
                                                                                                                                                                                          push ebp
                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                          sub esp, 000003F4h
                                                                                                                                                                                          push ebx
                                                                                                                                                                                          push esi
                                                                                                                                                                                          push edi
                                                                                                                                                                                          push 00000020h
                                                                                                                                                                                          pop edi
                                                                                                                                                                                          xor ebx, ebx
                                                                                                                                                                                          push 00008001h
                                                                                                                                                                                          mov dword ptr [ebp-14h], ebx
                                                                                                                                                                                          mov dword ptr [ebp-04h], 0040A2E0h
                                                                                                                                                                                          mov dword ptr [ebp-10h], ebx
                                                                                                                                                                                          call dword ptr [004080CCh]
                                                                                                                                                                                          mov esi, dword ptr [004080D0h]
                                                                                                                                                                                          lea eax, dword ptr [ebp-00000140h]
                                                                                                                                                                                          push eax
                                                                                                                                                                                          mov dword ptr [ebp-0000012Ch], ebx
                                                                                                                                                                                          mov dword ptr [ebp-2Ch], ebx
                                                                                                                                                                                          mov dword ptr [ebp-28h], ebx
                                                                                                                                                                                          mov dword ptr [ebp-00000140h], 0000011Ch
                                                                                                                                                                                          call esi
                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                          jne 00007F0430ADBC8Ah
                                                                                                                                                                                          lea eax, dword ptr [ebp-00000140h]
                                                                                                                                                                                          mov dword ptr [ebp-00000140h], 00000114h
                                                                                                                                                                                          push eax
                                                                                                                                                                                          call esi
                                                                                                                                                                                          mov ax, word ptr [ebp-0000012Ch]
                                                                                                                                                                                          mov ecx, dword ptr [ebp-00000112h]
                                                                                                                                                                                          sub ax, 00000053h
                                                                                                                                                                                          add ecx, FFFFFFD0h
                                                                                                                                                                                          neg ax
                                                                                                                                                                                          sbb eax, eax
                                                                                                                                                                                          mov byte ptr [ebp-26h], 00000004h
                                                                                                                                                                                          not eax
                                                                                                                                                                                          and eax, ecx
                                                                                                                                                                                          mov word ptr [ebp-2Ch], ax
                                                                                                                                                                                          cmp dword ptr [ebp-0000013Ch], 0Ah
                                                                                                                                                                                          jnc 00007F0430ADBC5Ah
                                                                                                                                                                                          and word ptr [ebp-00000132h], 0000h
                                                                                                                                                                                          mov eax, dword ptr [ebp-00000134h]
                                                                                                                                                                                          movzx ecx, byte ptr [ebp-00000138h]
                                                                                                                                                                                          mov dword ptr [00434FB8h], eax
                                                                                                                                                                                          xor eax, eax
                                                                                                                                                                                          mov ah, byte ptr [ebp-0000013Ch]
                                                                                                                                                                                          movzx eax, ax
                                                                                                                                                                                          or eax, ecx
                                                                                                                                                                                          xor ecx, ecx
                                                                                                                                                                                          mov ch, byte ptr [ebp-2Ch]
                                                                                                                                                                                          movzx ecx, cx
                                                                                                                                                                                          shl eax, 10h
                                                                                                                                                                                          or eax, ecx
                                                                                                                                                                                          Programming Language:
                                                                                                                                                                                          • [EXP] VC++ 6.0 SP5 build 8804
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x66000 | 0x4f28 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1a858 | 0x2d60 | .data |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| .text | 0x1000 | 0x6897 | 0x6a00 | ce9df19df15aa7bfbc0a8d0af0b841d0 | False | 0.6661261792452831 | data | 6.458398214928006 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x14a6 | 0x1600 | a118375c929d970903c1204233b7583d | False | 0.4392755681818182 | data | 5.024109281264143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x2b018 | 0x600 | 82a10c59a8679bb952fc8316070b8a6c | False | 0.521484375 | data | 4.15458210408643 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x36000 | 0x30000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x66000 | 0x4f28 | 0x5000 | 0217fb7f676552f4fd6495acbdb6027b | False | 0.2119140625 | data | 3.841902520112591 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_ICON | 0x66208 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 30000 x 30000 px/m | English | United States | 0.16450165328294758 |
| RT_DIALOG | 0x6a430 | 0x202 | data | English | United States | 0.4085603112840467 |
| RT_DIALOG | 0x6a638 | 0xf8 | data | English | United States | 0.6290322580645161 |
| RT_DIALOG | 0x6a730 | 0xa0 | data | English | United States | 0.60625 |
| RT_DIALOG | 0x6a7d0 | 0xee | data | English | United States | 0.6302521008403361 |
| RT_GROUP_ICON | 0x6a8c0 | 0x14 | data | English | United States | 1.1 |
| RT_VERSION | 0x6a8d8 | 0x21c | data | English | United States | 0.5314814814814814 |
| RT_MANIFEST | 0x6aaf8 | 0x42e | XML 1.0 document, ASCII text, with very long lines (1070), with no line terminators | English | United States | 0.5130841121495328 |
| DLL | Import |
| ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
| SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
| ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
| COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
| USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
| GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
| KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |
| Language of compilation system | Country where language is spoken |
| English | United States |
                                                                                                                                                                                          Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                          Start time:10:34:50
                                                                                                                                                                                          Start date:06/03/2024
                                                                                                                                                                                          Path:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                          Commandline:C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe
                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                          File size:120'248 bytes
                                                                                                                                                                                          MD5 hash:8B92571E4F2E6EF1AAFD903796A9C152
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                          Start time:10:34:56
                                                                                                                                                                                          Start date:06/03/2024
                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installing.html?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348
                                                                                                                                                                                          Imagebase:0x7ff76e190000
                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                          Start time:10:34:57
                                                                                                                                                                                          Start date:06/03/2024
                                                                                                                                                                                          Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                          Imagebase:0x7ff6eef20000
                                                                                                                                                                                          File size:55'320 bytes
                                                                                                                                                                                          MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                          Start time:10:34:57
                                                                                                                                                                                          Start date:06/03/2024
                                                                                                                                                                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1808,i,5385278516166329545,13648946590053204352,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                                                                                          Imagebase:0x7ff76e190000
                                                                                                                                                                                          File size:3'242'272 bytes
                                                                                                                                                                                          MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                          Start time:10:35:17
                                                                                                                                                                                          Start date:06/03/2024
                                                                                                                                                                                          Path:C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe
                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                          Commandline:"C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid 1709547169173348
                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                          File size:131'033'904 bytes
                                                                                                                                                                                          MD5 hash:599BAD8E7D2363415B86A08F4ACD243A
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:Borland Delphi
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          Target ID:8
                                                                                                                                                                                          Start time:10:35:20
                                                                                                                                                                                          Start date:06/03/2024
                                                                                                                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                          Commandline:cmd /c "C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\FAST!\Temp\testfile.temp" > C:\Users\user\AppData\Local\FAST!\Temp\dskres.xml
                                                                                                                                                                                          Imagebase:0x800000
                                                                                                                                                                                          File size:236'544 bytes
                                                                                                                                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

Target ID:9
Start time:10:35:20
Start date:06/03/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:10
Start time:10:35:20
Start date:06/03/2024
Path:C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe
Wow64 process (32bit):true
Commandline:C:\Users\user\AppData\Local\FAST!\Temp\diskspd.exe -c100M -b4K -t1 -r -o32 -d10 -ag -h -Rxml C:\Users\user\AppData\Local\FAST!\Temp\testfile.temp
Imagebase:0xec0000
File size:144'688 bytes
MD5 hash:FC41CABDD3C18079985AC5F648F58A90
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:moderate
Has exited:true

Target ID:11
Start time:10:35:56
Start date:06/03/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://veryfast.io/installed.php?guid=71434D56-1548-ED3D-AEE6-C75AECD93BF0&_fcid=1709547169173348
Imagebase:0x7ff76e190000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:10:35:56
Start date:06/03/2024
Path:C:\Program Files (x86)\Fast!\FastSRV.exe
Wow64 process (32bit):true
Commandline:C:\Program Files (x86)\Fast!\FastSRV.exe
Imagebase:0x120000
File size:187'728 bytes
MD5 hash:99A0AFAF20877C3807D5EF292FACDDC7
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 4%, ReversingLabs
Reputation:low
Has exited:true

Target ID:14
Start time:10:35:56
Start date:06/03/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=2004,i,7066265627927454762,6474202962807613593,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:0x7ff76e190000
File size:3'242'272 bytes
MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:15
Start time:10:35:56
Start date:06/03/2024
Path:C:\Program Files (x86)\Fast!\fast!.exe
Wow64 process (32bit):true
Commandline:C:\Program Files (x86)\fast!\fast!.exe
Imagebase:0xab0000
File size:769'872 bytes
MD5 hash:A2EF6C8CCFBEEE722F02C9744272449A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 25%, ReversingLabs
Reputation:low
Has exited:false

Target ID:17
Start time:10:35:57
Start date:06/03/2024
Path:C:\Program Files (x86)\Fast!\fast!.exe
Wow64 process (32bit):true
Commandline:C:\Program Files (x86)\Fast!\Fast!.exe
Imagebase:0xab0000
File size:769'872 bytes
MD5 hash:A2EF6C8CCFBEEE722F02C9744272449A
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:18
Start time:10:35:59
Start date:06/03/2024
Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" ui\.
Imagebase:0x7ff662390000
File size:2'337'112 bytes
MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Antivirus matches:
• Detection: 4%, ReversingLabs
Reputation:low
Has exited:false

Target ID:19
Start time:10:36:00
Start date:06/03/2024
Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" "--metrics-dir=C:\Users\user\AppData\Local\FAST!\User Data" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x23c,0x240,0x244,0x238,0x248,0x7ffe0054a970,0x7ffe0054a980,0x7ffe0054a990
Imagebase:0x7ff662390000
File size:2'337'112 bytes
MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:20
Start time:10:36:00
Start date:06/03/2024
Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=crashpad-handler "--user-data-dir=C:\Users\user\AppData\Local\FAST!\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\user\AppData\Local\FAST!\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=FAST! --annotation=ver= --initial-client-data=0x14c,0x150,0x154,0x128,0x158,0x7ff66255ca30,0x7ff66255ca40,0x7ff66255ca50
Imagebase:0x7ff662390000
File size:2'337'112 bytes
MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

                                                                                                                                                                                          Target ID:21
                                                                                                                                                                                          Start time:10:36:00
                                                                                                                                                                                          Start date:06/03/2024
                                                                                                                                                                                          Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1900 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:2
                                                                                                                                                                                          Imagebase:0x7ff662390000
                                                                                                                                                                                          File size:2'337'112 bytes
                                                                                                                                                                                          MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          Target ID:22
                                                                                                                                                                                          Start time:10:36:01
                                                                                                                                                                                          Start date:06/03/2024
                                                                                                                                                                                          Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --mojo-platform-channel-handle=2408 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:8
                                                                                                                                                                                          Imagebase:0x7ff662390000
                                                                                                                                                                                          File size:2'337'112 bytes
                                                                                                                                                                                          MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          Target ID:23
                                                                                                                                                                                          Start time:10:36:04
                                                                                                                                                                                          Start date:06/03/2024
                                                                                                                                                                                          Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=2384 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:8
                                                                                                                                                                                          Imagebase:0x7ff662390000
                                                                                                                                                                                          File size:2'337'112 bytes
                                                                                                                                                                                          MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          Target ID:25
                                                                                                                                                                                          Start time:10:36:05
                                                                                                                                                                                          Start date:06/03/2024
                                                                                                                                                                                          Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --nwjs --extension-process --first-renderer-process --no-sandbox --file-url-path-alias="/gen=C:\Program Files (x86)\Fast!\nwjs\gen" --no-zygote --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1709711959558165 --launch-time-ticks=5805650877 --mojo-platform-channel-handle=3128 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:1
                                                                                                                                                                                          Imagebase:0x7ff662390000
                                                                                                                                                                                          File size:2'337'112 bytes
                                                                                                                                                                                          MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          Target ID:26
                                                                                                                                                                                          Start time:10:36:07
                                                                                                                                                                                          Start date:06/03/2024
                                                                                                                                                                                          Path:C:\Windows\explorer.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\Explorer.EXE
                                                                                                                                                                                          Imagebase:0x7ff72b770000
                                                                                                                                                                                          File size:5'141'208 bytes
                                                                                                                                                                                          MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                                                                                          Has elevated privileges:false
                                                                                                                                                                                          Has administrator privileges:false
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          Target ID:28
                                                                                                                                                                                          Start time:10:36:14
                                                                                                                                                                                          Start date:06/03/2024
                                                                                                                                                                                          Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3936 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:8
                                                                                                                                                                                          Imagebase:0x7ff662390000
                                                                                                                                                                                          File size:2'337'112 bytes
                                                                                                                                                                                          MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          Target ID:30
                                                                                                                                                                                          Start time:10:36:30
                                                                                                                                                                                          Start date:06/03/2024
                                                                                                                                                                                          Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3756 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:8
                                                                                                                                                                                          Imagebase:0x7ff662390000
                                                                                                                                                                                          File size:2'337'112 bytes
                                                                                                                                                                                          MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          Target ID:31
                                                                                                                                                                                          Start time:10:36:31
                                                                                                                                                                                          Start date:06/03/2024
                                                                                                                                                                                          Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-GB --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --mojo-platform-channel-handle=3756 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:8
                                                                                                                                                                                          Imagebase:0x7ff662390000
                                                                                                                                                                                          File size:2'337'112 bytes
                                                                                                                                                                                          MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          Target ID:32
                                                                                                                                                                                          Start time:10:38:00
                                                                                                                                                                                          Start date:06/03/2024
                                                                                                                                                                                          Path:C:\Program Files (x86)\Fast!\nwjs\nw.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Program Files (x86)\Fast!\nwjs\nw.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\FAST!\User Data" --nwapp-path="ui\." --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3780 --field-trial-handle=1872,i,7555525486843094393,17324679859410257074,262144 /prefetch:2
                                                                                                                                                                                          Imagebase:0x7ff662390000
                                                                                                                                                                                          File size:2'337'112 bytes
                                                                                                                                                                                          MD5 hash:D6644E8A0C3C48607EC424BAE0FEB47E
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true


                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                            Execution Coverage:28.5%
                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                            Signature Coverage:16.6%
                                                                                                                                                                                            Total number of Nodes:1352
                                                                                                                                                                                            Total number of Limit Nodes:32
CreateFileW 3125->3143 3127 40622b 3127->3119 3128 40623a GetFileSize GlobalAlloc 3127->3128 3129 4062f1 CloseHandle 3128->3129 3130 40625c 3128->3130 3129->3119 3144 4060b0 ReadFile 3130->3144 3135 40627b lstrcpyA 3138 40629d 3135->3138 3136 40628f 3137 405f92 4 API calls 3136->3137 3137->3138 3139 4062d4 SetFilePointer 3138->3139 3151 4060df WriteFile 3139->3151 3142->3121 3143->3127 3145 4060ce 3144->3145 3145->3129 3146 405f92 lstrlenA 3145->3146 3147 405fd3 lstrlenA 3146->3147 3148 405fdb 3147->3148 3149 405fac lstrcmpiA 3147->3149 3148->3135 3148->3136 3149->3148 3150 405fca CharNextA 3149->3150 3150->3147 3152 4060fd GlobalFree 3151->3152 3152->3129 3167 401c43 3168 402d84 17 API calls 3167->3168 3169 401c4a 3168->3169 3170 402d84 17 API calls 3169->3170 3171 401c57 3170->3171 3172 401c6c 3171->3172 3173 402da6 17 API calls 3171->3173 3174 401c7c 3172->3174 3175 402da6 17 API calls 3172->3175 3173->3172 3176 401cd3 3174->3176 3177 401c87 3174->3177 3175->3174 3179 402da6 17 API calls 3176->3179 3178 402d84 17 API calls 3177->3178 3181 401c8c 3178->3181 3180 401cd8 3179->3180 3182 402da6 17 API calls 3180->3182 3183 402d84 17 API calls 3181->3183 3184 401ce1 FindWindowExW 3182->3184 3185 401c98 3183->3185 3188 401d03 3184->3188 3186 401cc3 SendMessageW 3185->3186 3187 401ca5 SendMessageTimeoutW 3185->3187 3186->3188 3187->3188 3815 404943 3816 404953 3815->3816 3817 404979 3815->3817 3818 404499 18 API calls 3816->3818 3819 404500 8 API calls 3817->3819 3820 404960 SetDlgItemTextW 3818->3820 3821 404985 3819->3821 3820->3817 3822 4028c4 3823 4028ca 3822->3823 3824 4028d2 FindClose 3823->3824 3825 402c2a 3823->3825 3824->3825 3829 4016cc 3830 402da6 17 API calls 3829->3830 3831 4016d2 GetFullPathNameW 3830->3831 3832 4016ec 3831->3832 3838 40170e 3831->3838 3835 406873 2 API calls 3832->3835 3832->3838 3833 401723 GetShortPathNameW 3834 402c2a 3833->3834 3836 4016fe 3835->3836 3836->3838 3839 40653d lstrcpynW 3836->3839 3838->3833 3838->3834 3839->3838 3840 
401e4e GetDC 3841 402d84 17 API calls 3840->3841 3842 401e60 GetDeviceCaps MulDiv ReleaseDC 3841->3842 3843 402d84 17 API calls 3842->3843 3844 401e91 3843->3844 3845 40657a 17 API calls 3844->3845 3846 401ece CreateFontIndirectW 3845->3846 3847 402638 3846->3847 3848 4045cf lstrcpynW lstrlenW 3849 402950 3850 402da6 17 API calls 3849->3850 3852 40295c 3850->3852 3851 402972 3854 406008 2 API calls 3851->3854 3852->3851 3853 402da6 17 API calls 3852->3853 3853->3851 3855 402978 3854->3855 3877 40602d GetFileAttributesW CreateFileW 3855->3877 3857 402985 3858 402a3b 3857->3858 3859 4029a0 GlobalAlloc 3857->3859 3860 402a23 3857->3860 3861 402a42 DeleteFileW 3858->3861 3862 402a55 3858->3862 3859->3860 3863 4029b9 3859->3863 3864 4032b4 31 API calls 3860->3864 3861->3862 3878 4034e5 SetFilePointer 3863->3878 3866 402a30 CloseHandle 3864->3866 3866->3858 3867 4029bf 3868 4034cf ReadFile 3867->3868 3869 4029c8 GlobalAlloc 3868->3869 3870 4029d8 3869->3870 3871 402a0c 3869->3871 3872 4032b4 31 API calls 3870->3872 3873 4060df WriteFile 3871->3873 3876 4029e5 3872->3876 3874 402a18 GlobalFree 3873->3874 3874->3860 3875 402a03 GlobalFree 3875->3871 3876->3875 3877->3857 3878->3867 3879 401956 3880 402da6 17 API calls 3879->3880 3881 40195d lstrlenW 3880->3881 3882 402638 3881->3882 3591 4014d7 3592 402d84 17 API calls 3591->3592 3593 4014dd Sleep 3592->3593 3595 402c2a 3593->3595 3596 4020d8 3597 4020ea 3596->3597 3607 40219c 3596->3607 3598 402da6 17 API calls 3597->3598 3600 4020f1 3598->3600 3599 401423 24 API calls 3605 4022f6 3599->3605 3601 402da6 17 API calls 3600->3601 3602 4020fa 3601->3602 3603 402110 LoadLibraryExW 3602->3603 3604 402102 GetModuleHandleW 3602->3604 3606 402121 3603->3606 3603->3607 3604->3603 3604->3606 3618 406979 3606->3618 3607->3599 3610 402132 3613 402151 KiUserCallbackDispatcher 3610->3613 3614 40213a 3610->3614 3611 40216b 3612 40559f 24 API calls 3611->3612 3616 402142 3612->3616 3613->3616 3615 401423 24 API calls 3614->3615 3615->3616 
3616->3605 3617 40218e FreeLibrary 3616->3617 3617->3605 3623 40655f WideCharToMultiByte 3618->3623 3620 406996 3621 40699d GetProcAddress 3620->3621 3622 40212c 3620->3622 3621->3622 3622->3610 3622->3611 3623->3620 3883 404658 3884 404670 3883->3884 3890 40478a 3883->3890 3891 404499 18 API calls 3884->3891 3885 4047f4 3886 4048be 3885->3886 3887 4047fe GetDlgItem 3885->3887 3892 404500 8 API calls 3886->3892 3888 404818 3887->3888 3889 40487f 3887->3889 3888->3889 3896 40483e SendMessageW LoadCursorW SetCursor 3888->3896 3889->3886 3897 404891 3889->3897 3890->3885 3890->3886 3893 4047c5 GetDlgItem SendMessageW 3890->3893 3894 4046d7 3891->3894 3895 4048b9 3892->3895 3916 4044bb KiUserCallbackDispatcher 3893->3916 3899 404499 18 API calls 3894->3899 3920 404907 3896->3920 3902 4048a7 3897->3902 3903 404897 SendMessageW 3897->3903 3900 4046e4 CheckDlgButton 3899->3900 3914 4044bb KiUserCallbackDispatcher 3900->3914 3902->3895 3907 4048ad SendMessageW 3902->3907 3903->3902 3904 4047ef 3917 4048e3 3904->3917 3907->3895 3909 404702 GetDlgItem 3915 4044ce SendMessageW 3909->3915 3911 404718 SendMessageW 3912 404735 GetSysColor 3911->3912 3913 40473e SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 3911->3913 3912->3913 3913->3895 3914->3909 3915->3911 3916->3904 3918 4048f1 3917->3918 3919 4048f6 SendMessageW 3917->3919 3918->3919 3919->3885 3923 405b63 ShellExecuteExW 3920->3923 3922 40486d LoadCursorW SetCursor 3922->3889 3923->3922 3924 402b59 3925 402b60 3924->3925 3926 402bab 3924->3926 3929 402d84 17 API calls 3925->3929 3932 402ba9 3925->3932 3927 40690a 5 API calls 3926->3927 3928 402bb2 3927->3928 3930 402da6 17 API calls 3928->3930 3931 402b6e 3929->3931 3933 402bbb 3930->3933 3934 402d84 17 API calls 3931->3934 3933->3932 3935 402bbf IIDFromString 3933->3935 3937 402b7a 3934->3937 3935->3932 3936 402bce 3935->3936 3936->3932 3942 40653d lstrcpynW 3936->3942 3941 406484 wsprintfW 3937->3941 3940 402beb CoTaskMemFree 3940->3932 3941->3932 
3942->3940 3741 40175c 3742 402da6 17 API calls 3741->3742 3743 401763 3742->3743 3744 40605c 2 API calls 3743->3744 3745 40176a 3744->3745 3746 40605c 2 API calls 3745->3746 3746->3745 3943 401d5d 3944 402d84 17 API calls 3943->3944 3945 401d6e SetWindowLongW 3944->3945 3946 402c2a 3945->3946 3747 401ede 3748 402d84 17 API calls 3747->3748 3749 401ee4 3748->3749 3750 402d84 17 API calls 3749->3750 3751 401ef0 3750->3751 3752 401f07 EnableWindow 3751->3752 3753 401efc ShowWindow 3751->3753 3754 402c2a 3752->3754 3753->3754 3755 4056de 3756 405888 3755->3756 3757 4056ff GetDlgItem GetDlgItem GetDlgItem 3755->3757 3759 405891 GetDlgItem CreateThread CloseHandle 3756->3759 3760 4058b9 3756->3760 3800 4044ce SendMessageW 3757->3800 3759->3760 3803 405672 5 API calls 3759->3803 3762 4058e4 3760->3762 3763 4058d0 ShowWindow ShowWindow 3760->3763 3764 405909 3760->3764 3761 40576f 3769 405776 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3761->3769 3765 405944 3762->3765 3766 4058f8 3762->3766 3767 40591e ShowWindow 3762->3767 3802 4044ce SendMessageW 3763->3802 3768 404500 8 API calls 3764->3768 3765->3764 3777 405952 SendMessageW 3765->3777 3771 404472 SendMessageW 3766->3771 3773 405930 3767->3773 3774 40593e 3767->3774 3772 405917 3768->3772 3775 4057e4 3769->3775 3776 4057c8 SendMessageW SendMessageW 3769->3776 3771->3764 3778 40559f 24 API calls 3773->3778 3779 404472 SendMessageW 3774->3779 3780 4057f7 3775->3780 3781 4057e9 SendMessageW 3775->3781 3776->3775 3777->3772 3782 40596b CreatePopupMenu 3777->3782 3778->3774 3779->3765 3784 404499 18 API calls 3780->3784 3781->3780 3783 40657a 17 API calls 3782->3783 3786 40597b AppendMenuW 3783->3786 3785 405807 3784->3785 3789 405810 ShowWindow 3785->3789 3790 405844 GetDlgItem SendMessageW 3785->3790 3787 405998 GetWindowRect 3786->3787 3788 4059ab TrackPopupMenu 3786->3788 3787->3788 3788->3772 3791 4059c6 3788->3791 3792 405833 3789->3792 3793 405826 ShowWindow 3789->3793 3790->3772 3794 40586b 
SendMessageW SendMessageW 3790->3794 3795 4059e2 SendMessageW 3791->3795 3801 4044ce SendMessageW 3792->3801 3793->3792 3794->3772 3795->3795 3796 4059ff OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3795->3796 3798 405a24 SendMessageW 3796->3798 3798->3798 3799 405a4d GlobalUnlock SetClipboardData CloseClipboard 3798->3799 3799->3772 3800->3761 3801->3790 3802->3762 3947 4028de 3948 4028e6 3947->3948 3949 4028ea FindNextFileW 3948->3949 3952 4028fc 3948->3952 3950 402943 3949->3950 3949->3952 3953 40653d lstrcpynW 3950->3953 3953->3952 3954 404ce0 3955 404cf0 3954->3955 3956 404d0c 3954->3956 3965 405b81 GetDlgItemTextW 3955->3965 3958 404d12 SHGetPathFromIDListW 3956->3958 3959 404d3f 3956->3959 3960 404d29 SendMessageW 3958->3960 3961 404d22 3958->3961 3960->3959 3963 40140b 2 API calls 3961->3963 3962 404cfd SendMessageW 3962->3956 3963->3960 3965->3962 3189 405b63 ShellExecuteExW 3966 401563 3967 402ba4 3966->3967 3970 406484 wsprintfW 3967->3970 3969 402ba9 3970->3969 3971 401968 3972 402d84 17 API calls 3971->3972 3973 40196f 3972->3973 3974 402d84 17 API calls 3973->3974 3975 40197c 3974->3975 3976 402da6 17 API calls 3975->3976 3977 401993 lstrlenW 3976->3977 3978 4019a4 3977->3978 3982 4019e5 3978->3982 3983 40653d lstrcpynW 3978->3983 3980 4019d5 3981 4019da lstrlenW 3980->3981 3980->3982 3981->3982 3983->3980 3984 40166a 3985 402da6 17 API calls 3984->3985 3986 401670 3985->3986 3987 406873 2 API calls 3986->3987 3988 401676 3987->3988 3989 402aeb 3990 402d84 17 API calls 3989->3990 3992 402af1 3990->3992 3991 40292e 3992->3991 3993 40657a 17 API calls 3992->3993 3993->3991 3236 4026ec 3237 402d84 17 API calls 3236->3237 3239 4026fb 3237->3239 3238 402838 3239->3238 3240 402745 ReadFile 3239->3240 3241 4060b0 ReadFile 3239->3241 3242 4027de 3239->3242 3243 402785 MultiByteToWideChar 3239->3243 3244 40283a 3239->3244 3247 4027ab SetFilePointer MultiByteToWideChar 3239->3247 3248 40284b 3239->3248 3240->3238 3240->3239 3241->3239 3242->3238 
3242->3239 3250 40610e SetFilePointer 3242->3250 3243->3239 3259 406484 wsprintfW 3244->3259 3247->3239 3248->3238 3249 40286c SetFilePointer 3248->3249 3249->3238 3251 40612a 3250->3251 3254 406142 3250->3254 3252 4060b0 ReadFile 3251->3252 3253 406136 3252->3253 3253->3254 3255 406173 SetFilePointer 3253->3255 3256 40614b SetFilePointer 3253->3256 3254->3242 3255->3254 3256->3255 3257 406156 3256->3257 3258 4060df WriteFile 3257->3258 3258->3254 3259->3238 3530 40176f 3531 402da6 17 API calls 3530->3531 3532 401776 3531->3532 3533 401796 3532->3533 3534 40179e 3532->3534 3569 40653d lstrcpynW 3533->3569 3570 40653d lstrcpynW 3534->3570 3537 40179c 3541 4067c4 5 API calls 3537->3541 3538 4017a9 3539 405e0c 3 API calls 3538->3539 3540 4017af lstrcatW 3539->3540 3540->3537 3558 4017bb 3541->3558 3542 406873 2 API calls 3542->3558 3543 406008 2 API calls 3543->3558 3545 4017cd CompareFileTime 3545->3558 3546 40188d 3548 40559f 24 API calls 3546->3548 3547 401864 3549 40559f 24 API calls 3547->3549 3553 401879 3547->3553 3551 401897 3548->3551 3549->3553 3550 40653d lstrcpynW 3550->3558 3552 4032b4 31 API calls 3551->3552 3554 4018aa 3552->3554 3555 4018be SetFileTime 3554->3555 3556 4018d0 FindCloseChangeNotification 3554->3556 3555->3556 3556->3553 3559 4018e1 3556->3559 3557 40657a 17 API calls 3557->3558 3558->3542 3558->3543 3558->3545 3558->3546 3558->3547 3558->3550 3558->3557 3564 405b9d MessageBoxIndirectW 3558->3564 3568 40602d GetFileAttributesW CreateFileW 3558->3568 3560 4018e6 3559->3560 3561 4018f9 3559->3561 3562 40657a 17 API calls 3560->3562 3563 40657a 17 API calls 3561->3563 3565 4018ee lstrcatW 3562->3565 3566 401901 3563->3566 3564->3558 3565->3566 3567 405b9d MessageBoxIndirectW 3566->3567 3567->3553 3568->3558 3569->3537 3570->3538 3994 401a72 3995 402d84 17 API calls 3994->3995 3996 401a7b 3995->3996 3997 402d84 17 API calls 3996->3997 3998 401a20 3997->3998 3999 401573 4000 401583 ShowWindow 3999->4000 4001 40158c 3999->4001 4000->4001 4002 
402c2a 4001->4002 4003 40159a ShowWindow 4001->4003 4003->4002 4004 4023f4 4005 402da6 17 API calls 4004->4005 4006 402403 4005->4006 4007 402da6 17 API calls 4006->4007 4008 40240c 4007->4008 4009 402da6 17 API calls 4008->4009 4010 402416 GetPrivateProfileStringW 4009->4010 4011 4014f5 SetForegroundWindow 4012 402c2a 4011->4012 4013 401ff6 4014 402da6 17 API calls 4013->4014 4015 401ffd 4014->4015 4016 406873 2 API calls 4015->4016 4017 402003 4016->4017 4019 402014 4017->4019 4020 406484 wsprintfW 4017->4020 4020->4019 4021 401b77 4022 402da6 17 API calls 4021->4022 4023 401b7e 4022->4023 4024 402d84 17 API calls 4023->4024 4025 401b87 wsprintfW 4024->4025 4026 402c2a 4025->4026 4027 40167b 4028 402da6 17 API calls 4027->4028 4029 401682 4028->4029 4030 402da6 17 API calls 4029->4030 4031 40168b 4030->4031 4032 402da6 17 API calls 4031->4032 4033 401694 MoveFileW 4032->4033 4034 4016a7 4033->4034 4040 4016a0 4033->4040 4036 406873 2 API calls 4034->4036 4038 4022f6 4034->4038 4035 401423 24 API calls 4035->4038 4037 4016b6 4036->4037 4037->4038 4039 4062fd 36 API calls 4037->4039 4039->4040 4040->4035 4041 4019ff 4042 402da6 17 API calls 4041->4042 4043 401a06 4042->4043 4044 402da6 17 API calls 4043->4044 4045 401a0f 4044->4045 4046 401a16 lstrcmpiW 4045->4046 4047 401a28 lstrcmpW 4045->4047 4048 401a1c 4046->4048 4047->4048 4049 4022ff 4050 402da6 17 API calls 4049->4050 4051 402305 4050->4051 4052 402da6 17 API calls 4051->4052 4053 40230e 4052->4053 4054 402da6 17 API calls 4053->4054 4055 402317 4054->4055 4056 406873 2 API calls 4055->4056 4057 402320 4056->4057 4058 402331 lstrlenW lstrlenW 4057->4058 4059 402324 4057->4059 4061 40559f 24 API calls 4058->4061 4060 40559f 24 API calls 4059->4060 4063 40232c 4059->4063 4060->4063 4062 40236f SHFileOperationW 4061->4062 4062->4059 4062->4063 4064 401000 4065 401037 BeginPaint GetClientRect 4064->4065 4066 40100c DefWindowProcW 4064->4066 4068 4010f3 4065->4068 4071 401179 4066->4071 4069 401073 
CreateBrushIndirect FillRect DeleteObject 4068->4069 4070 4010fc 4068->4070 4069->4068 4072 401102 CreateFontIndirectW 4070->4072 4073 401167 EndPaint 4070->4073 4072->4073 4074 401112 6 API calls 4072->4074 4073->4071 4074->4073 3153 401d81 3154 401d94 GetDlgItem 3153->3154 3155 401d87 3153->3155 3156 401d8e 3154->3156 3164 402d84 3155->3164 3158 401dd5 GetClientRect LoadImageW SendMessageW 3156->3158 3159 402da6 17 API calls 3156->3159 3161 401e33 3158->3161 3162 401e3f 3158->3162 3159->3158 3161->3162 3163 401e38 DeleteObject 3161->3163 3163->3162 3165 40657a 17 API calls 3164->3165 3166 402d99 3165->3166 3166->3156 4075 401503 4076 40150b 4075->4076 4078 40151e 4075->4078 4077 402d84 17 API calls 4076->4077 4077->4078 4079 402383 4080 40238a 4079->4080 4082 40239d 4079->4082 4081 40657a 17 API calls 4080->4081 4083 402397 4081->4083 4084 405b9d MessageBoxIndirectW 4083->4084 4084->4082 3216 402c05 SendMessageW 3217 402c2a 3216->3217 3218 402c1f InvalidateRect 3216->3218 3218->3217 4085 404f06 GetDlgItem GetDlgItem 4086 404f58 7 API calls 4085->4086 4092 40517d 4085->4092 4087 404ff2 SendMessageW 4086->4087 4088 404fff DeleteObject 4086->4088 4087->4088 4089 405008 4088->4089 4090 40503f 4089->4090 4093 40657a 17 API calls 4089->4093 4094 404499 18 API calls 4090->4094 4091 40525f 4095 40530b 4091->4095 4105 4052b8 SendMessageW 4091->4105 4125 405170 4091->4125 4092->4091 4096 4051ec 4092->4096 4139 404e54 SendMessageW 4092->4139 4099 405021 SendMessageW SendMessageW 4093->4099 4100 405053 4094->4100 4097 405315 SendMessageW 4095->4097 4098 40531d 4095->4098 4096->4091 4101 405251 SendMessageW 4096->4101 4097->4098 4107 405336 4098->4107 4108 40532f ImageList_Destroy 4098->4108 4123 405346 4098->4123 4099->4089 4104 404499 18 API calls 4100->4104 4101->4091 4102 404500 8 API calls 4106 40550c 4102->4106 4118 405064 4104->4118 4110 4052cd SendMessageW 4105->4110 4105->4125 4111 40533f GlobalFree 4107->4111 4107->4123 4108->4107 4109 4054c0 4114 4054d2 ShowWindow 
GetDlgItem ShowWindow 4109->4114 4109->4125 4113 4052e0 4110->4113 4111->4123 4112 40513f GetWindowLongW SetWindowLongW 4115 405158 4112->4115 4124 4052f1 SendMessageW 4113->4124 4114->4125 4116 405175 4115->4116 4117 40515d ShowWindow 4115->4117 4138 4044ce SendMessageW 4116->4138 4137 4044ce SendMessageW 4117->4137 4118->4112 4119 40513a 4118->4119 4122 4050b7 SendMessageW 4118->4122 4126 4050f5 SendMessageW 4118->4126 4127 405109 SendMessageW 4118->4127 4119->4112 4119->4115 4122->4118 4123->4109 4130 405381 4123->4130 4144 404ed4 4123->4144 4124->4095 4125->4102 4126->4118 4127->4118 4129 40548b 4131 405496 InvalidateRect 4129->4131 4134 4054a2 4129->4134 4132 4053af SendMessageW 4130->4132 4133 4053c5 4130->4133 4131->4134 4132->4133 4133->4129 4135 405439 SendMessageW SendMessageW 4133->4135 4134->4109 4153 404e0f 4134->4153 4135->4133 4137->4125 4138->4092 4140 404eb3 SendMessageW 4139->4140 4141 404e77 GetMessagePos ScreenToClient SendMessageW 4139->4141 4143 404eab 4140->4143 4142 404eb0 4141->4142 4141->4143 4142->4140 4143->4096 4156 40653d lstrcpynW 4144->4156 4146 404ee7 4157 406484 wsprintfW 4146->4157 4148 404ef1 4149 40140b 2 API calls 4148->4149 4150 404efa 4149->4150 4158 40653d lstrcpynW 4150->4158 4152 404f01 4152->4130 4159 404d46 4153->4159 4155 404e24 4155->4109 4156->4146 4157->4148 4158->4152 4160 404d5f 4159->4160 4161 40657a 17 API calls 4160->4161 4162 404dc3 4161->4162 4163 40657a 17 API calls 4162->4163 4164 404dce 4163->4164 4165 40657a 17 API calls 4164->4165 4166 404de4 lstrlenW wsprintfW SetDlgItemTextW 4165->4166 4166->4155 4167 404609 lstrlenW 4168 404628 4167->4168 4169 40462a WideCharToMultiByte 4167->4169 4168->4169 4170 40498a 4171 4049b6 4170->4171 4172 4049c7 4170->4172 4231 405b81 GetDlgItemTextW 4171->4231 4174 4049d3 GetDlgItem 4172->4174 4179 404a32 4172->4179 4176 4049e7 4174->4176 4175 4049c1 4178 4067c4 5 API calls 4175->4178 4181 4049fb SetWindowTextW 4176->4181 4186 405eb7 4 API calls 4176->4186 4177 404b16 4228 
404cc5 4177->4228 4233 405b81 GetDlgItemTextW 4177->4233 4178->4172 4179->4177 4182 40657a 17 API calls 4179->4182 4179->4228 4184 404499 18 API calls 4181->4184 4188 404aa6 SHBrowseForFolderW 4182->4188 4183 404b46 4189 405f14 18 API calls 4183->4189 4190 404a17 4184->4190 4185 404500 8 API calls 4191 404cd9 4185->4191 4187 4049f1 4186->4187 4187->4181 4195 405e0c 3 API calls 4187->4195 4188->4177 4192 404abe CoTaskMemFree 4188->4192 4193 404b4c 4189->4193 4194 404499 18 API calls 4190->4194 4196 405e0c 3 API calls 4192->4196 4234 40653d lstrcpynW 4193->4234 4197 404a25 4194->4197 4195->4181 4198 404acb 4196->4198 4232 4044ce SendMessageW 4197->4232 4201 404b02 SetDlgItemTextW 4198->4201 4206 40657a 17 API calls 4198->4206 4201->4177 4202 404a2b 4204 40690a 5 API calls 4202->4204 4203 404b63 4205 40690a 5 API calls 4203->4205 4204->4179 4212 404b6a 4205->4212 4207 404aea lstrcmpiW 4206->4207 4207->4201 4210 404afb lstrcatW 4207->4210 4208 404bab 4235 40653d lstrcpynW 4208->4235 4210->4201 4211 404bb2 4213 405eb7 4 API calls 4211->4213 4212->4208 4216 405e58 2 API calls 4212->4216 4218 404c03 4212->4218 4214 404bb8 GetDiskFreeSpaceW 4213->4214 4217 404bdc MulDiv 4214->4217 4214->4218 4216->4212 4217->4218 4219 404e0f 20 API calls 4218->4219 4229 404c74 4218->4229 4221 404c61 4219->4221 4220 40140b 2 API calls 4222 404c97 4220->4222 4224 404c76 SetDlgItemTextW 4221->4224 4225 404c66 4221->4225 4236 4044bb KiUserCallbackDispatcher 4222->4236 4224->4229 4227 404d46 20 API calls 4225->4227 4226 404cb3 4226->4228 4230 4048e3 SendMessageW 4226->4230 4227->4229 4228->4185 4229->4220 4229->4222 4230->4228 4231->4175 4232->4202 4233->4183 4234->4203 4235->4211 4236->4226 4237 40248a 4238 402da6 17 API calls 4237->4238 4239 40249c 4238->4239 4240 402da6 17 API calls 4239->4240 4241 4024a6 4240->4241 4254 402e36 4241->4254 4244 4024de 4248 402d84 17 API calls 4244->4248 4252 4024ea 4244->4252 4245 40292e 4246 402da6 17 API calls 4247 4024d4 lstrlenW 4246->4247 4247->4244 
4248->4252 4249 402509 RegSetValueExW 4251 40251f RegCloseKey 4249->4251 4250 4032b4 31 API calls 4250->4249 4251->4245 4252->4249 4252->4250 4255 402e51 4254->4255 4258 4063d8 4255->4258 4259 4063e7 4258->4259 4260 4063f2 RegCreateKeyExW 4259->4260 4261 4024b6 4259->4261 4260->4261 4261->4244 4261->4245 4261->4246 4262 40290b 4263 402da6 17 API calls 4262->4263 4264 402912 FindFirstFileW 4263->4264 4265 40293a 4264->4265 4268 402925 4264->4268 4270 406484 wsprintfW 4265->4270 4267 402943 4271 40653d lstrcpynW 4267->4271 4270->4267 4271->4268 4272 40190c 4273 401943 4272->4273 4274 402da6 17 API calls 4273->4274 4275 401948 4274->4275 4276 405c49 67 API calls 4275->4276 4277 401951 4276->4277 4278 40190f 4279 402da6 17 API calls 4278->4279 4280 401916 4279->4280 4281 405b9d MessageBoxIndirectW 4280->4281 4282 40191f 4281->4282 3571 402891 3572 402898 3571->3572 3573 402ba9 3571->3573 3574 402d84 17 API calls 3572->3574 3575 40289f 3574->3575 3576 4028ae SetFilePointer 3575->3576 3576->3573 3577 4028be 3576->3577 3579 406484 wsprintfW 3577->3579 3579->3573 4283 401491 4284 40559f 24 API calls 4283->4284 4285 401498 4284->4285 3580 403b12 3581 403b2a 3580->3581 3582 403b1c CloseHandle 3580->3582 3587 403b57 3581->3587 3582->3581 3585 405c49 67 API calls 3586 403b3b 3585->3586 3589 403b65 3587->3589 3588 403b2f 3588->3585 3589->3588 3590 403b6a FreeLibrary GlobalFree 3589->3590 3590->3588 3590->3590 4286 401f12 4287 402da6 17 API calls 4286->4287 4288 401f18 4287->4288 4289 402da6 17 API calls 4288->4289 4290 401f21 4289->4290 4291 402da6 17 API calls 4290->4291 4292 401f2a 4291->4292 4293 402da6 17 API calls 4292->4293 4294 401f33 4293->4294 4295 401423 24 API calls 4294->4295 4296 401f3a 4295->4296 4303 405b63 ShellExecuteExW 4296->4303 4298 401f82 4299 40292e 4298->4299 4300 4069b5 5 API calls 4298->4300 4301 401f9f FindCloseChangeNotification 4300->4301 4301->4299 4303->4298 4304 405513 4305 405523 4304->4305 4306 405537 4304->4306 4307 405580 4305->4307 4308 
405529 4305->4308 4309 40553f IsWindowVisible 4306->4309 4315 405556 4306->4315 4310 405585 CallWindowProcW 4307->4310 4311 4044e5 SendMessageW 4308->4311 4309->4307 4312 40554c 4309->4312 4313 405533 4310->4313 4311->4313 4314 404e54 5 API calls 4312->4314 4314->4315 4315->4310 4316 404ed4 4 API calls 4315->4316 4316->4307 4317 402f93 4318 402fa5 SetTimer 4317->4318 4319 402fbe 4317->4319 4318->4319 4320 403013 4319->4320 4321 402fd8 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4319->4321 4321->4320 4322 401d17 4323 402d84 17 API calls 4322->4323 4324 401d1d IsWindow 4323->4324 4325 401a20 4324->4325 3624 403f9a 3625 403fb2 3624->3625 3626 404113 3624->3626 3625->3626 3627 403fbe 3625->3627 3628 404164 3626->3628 3629 404124 GetDlgItem GetDlgItem 3626->3629 3631 403fc9 SetWindowPos 3627->3631 3632 403fdc 3627->3632 3630 4041be 3628->3630 3638 401389 2 API calls 3628->3638 3633 404499 18 API calls 3629->3633 3634 4044e5 SendMessageW 3630->3634 3639 40410e 3630->3639 3631->3632 3635 403fe5 ShowWindow 3632->3635 3636 404027 3632->3636 3637 40414e SetClassLongW 3633->3637 3663 4041d0 3634->3663 3640 4040d1 3635->3640 3641 404005 GetWindowLongW 3635->3641 3642 404046 3636->3642 3643 40402f DestroyWindow 3636->3643 3644 40140b 2 API calls 3637->3644 3647 404196 3638->3647 3704 404500 3640->3704 3641->3640 3649 40401e ShowWindow 3641->3649 3645 40404b SetWindowLongW 3642->3645 3646 40405c 3642->3646 3650 404422 3643->3650 3644->3628 3645->3639 3646->3640 3651 404068 GetDlgItem 3646->3651 3647->3630 3652 40419a SendMessageW 3647->3652 3649->3636 3650->3639 3657 404453 ShowWindow 3650->3657 3655 404096 3651->3655 3656 404079 SendMessageW IsWindowEnabled 3651->3656 3652->3639 3653 40140b 2 API calls 3653->3663 3654 404424 DestroyWindow KiUserCallbackDispatcher 3654->3650 3659 4040a3 3655->3659 3661 4040ea SendMessageW 3655->3661 3662 4040b6 3655->3662 3669 40409b 3655->3669 3656->3639 3656->3655 3657->3639 3658 40657a 17 API calls 3658->3663 3659->3661 3659->3669 
3661->3640 3664 4040d3 3662->3664 3665 4040be 3662->3665 3663->3639 3663->3653 3663->3654 3663->3658 3666 404499 18 API calls 3663->3666 3686 404364 DestroyWindow 3663->3686 3695 404499 3663->3695 3667 40140b 2 API calls 3664->3667 3668 40140b 2 API calls 3665->3668 3666->3663 3667->3669 3668->3669 3669->3640 3701 404472 3669->3701 3671 40424b GetDlgItem 3672 404260 3671->3672 3673 404268 ShowWindow KiUserCallbackDispatcher 3671->3673 3672->3673 3698 4044bb KiUserCallbackDispatcher 3673->3698 3675 404292 KiUserCallbackDispatcher 3680 4042a6 3675->3680 3676 4042ab GetSystemMenu EnableMenuItem SendMessageW 3677 4042db SendMessageW 3676->3677 3676->3680 3677->3680 3679 403f7b 18 API calls 3679->3680 3680->3676 3680->3679 3699 4044ce SendMessageW 3680->3699 3700 40653d lstrcpynW 3680->3700 3682 40430a lstrlenW 3683 40657a 17 API calls 3682->3683 3684 404320 SetWindowTextW 3683->3684 3685 401389 2 API calls 3684->3685 3685->3663 3686->3650 3687 40437e CreateDialogParamW 3686->3687 3687->3650 3688 4043b1 3687->3688 3689 404499 18 API calls 3688->3689 3690 4043bc GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3689->3690 3691 401389 2 API calls 3690->3691 3692 404402 3691->3692 3692->3639 3693 40440a ShowWindow 3692->3693 3694 4044e5 SendMessageW 3693->3694 3694->3650 3696 40657a 17 API calls 3695->3696 3697 4044a4 SetDlgItemTextW 3696->3697 3697->3671 3698->3675 3699->3680 3700->3682 3702 404479 3701->3702 3703 40447f SendMessageW 3701->3703 3702->3703 3703->3640 3705 4045c3 3704->3705 3706 404518 GetWindowLongW 3704->3706 3705->3639 3706->3705 3707 40452d 3706->3707 3707->3705 3708 40455a GetSysColor 3707->3708 3709 40455d 3707->3709 3708->3709 3710 404563 SetTextColor 3709->3710 3711 40456d SetBkMode 3709->3711 3710->3711 3712 404585 GetSysColor 3711->3712 3713 40458b 3711->3713 3712->3713 3714 404592 SetBkColor 3713->3714 3715 40459c 3713->3715 3714->3715 3715->3705 3716 4045b6 CreateBrushIndirect 3715->3716 3717 4045af DeleteObject 3715->3717 3716->3705 
3717->3716 3718 401b9b 3719 401ba8 3718->3719 3720 401bec 3718->3720 3721 401c31 3719->3721 3726 401bbf 3719->3726 3722 401bf1 3720->3722 3723 401c16 GlobalAlloc 3720->3723 3724 40657a 17 API calls 3721->3724 3727 40239d 3721->3727 3722->3727 3737 40653d lstrcpynW 3722->3737 3725 40657a 17 API calls 3723->3725 3728 402397 3724->3728 3725->3721 3738 40653d lstrcpynW 3726->3738 3733 405b9d MessageBoxIndirectW 3728->3733 3731 401c03 GlobalFree 3731->3727 3732 401bce 3739 40653d lstrcpynW 3732->3739 3733->3727 3735 401bdd 3740 40653d lstrcpynW 3735->3740 3737->3731 3738->3732 3739->3735 3740->3727 4326 40261c 4327 402da6 17 API calls 4326->4327 4328 402623 4327->4328 4331 40602d GetFileAttributesW CreateFileW 4328->4331 4330 40262f 4331->4330 3804 40259e 3805 402de6 17 API calls 3804->3805 3806 4025a8 3805->3806 3807 402d84 17 API calls 3806->3807 3808 4025b1 3807->3808 3809 4025d9 RegEnumValueW 3808->3809 3810 4025cd RegEnumKeyW 3808->3810 3811 40292e 3808->3811 3812 4025f5 RegCloseKey 3809->3812 3813 4025ee 3809->3813 3810->3812 3812->3811 3813->3812 4332 40149e 4333 4014ac PostQuitMessage 4332->4333 4334 40239d 4332->4334 4333->4334 4335 4015a3 4336 402da6 17 API calls 4335->4336 4337 4015aa SetFileAttributesW 4336->4337 4338 4015bc 4337->4338 3190 401fa4 3191 402da6 17 API calls 3190->3191 3192 401faa 3191->3192 3193 40559f 24 API calls 3192->3193 3194 401fb4 3193->3194 3203 405b20 CreateProcessW 3194->3203 3198 40292e 3200 401fcf 3201 401fdd FindCloseChangeNotification 3200->3201 3211 406484 wsprintfW 3200->3211 3201->3198 3204 405b53 CloseHandle 3203->3204 3205 401fba 3203->3205 3204->3205 3205->3198 3205->3201 3206 4069b5 WaitForSingleObject 3205->3206 3207 4069cf 3206->3207 3208 4069e1 GetExitCodeProcess 3207->3208 3212 406946 3207->3212 3208->3200 3211->3201 3213 406963 PeekMessageW 3212->3213 3214 406973 WaitForSingleObject 3213->3214 3215 406959 DispatchMessageW 3213->3215 3214->3207 3215->3213 3219 40252a 3230 402de6 3219->3230 3222 402da6 17 API calls 3223 

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SetErrorMode.KERNEL32(00008001), ref: 00403550
                                                                                                                                                                                            • GetVersionExW.KERNEL32(?), ref: 00403579
                                                                                                                                                                                            • GetVersionExW.KERNEL32(0000011C), ref: 00403590
                                                                                                                                                                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
                                                                                                                                                                                            • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
                                                                                                                                                                                            • OleInitialize.OLE32(00000000), ref: 0040366A
                                                                                                                                                                                            • SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
                                                                                                                                                                                            • GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
                                                                                                                                                                                            • CharNextW.USER32(00000000,"C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe",00000020,"C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe",00000000), ref: 004036D6
                                                                                                                                                                                            • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
                                                                                                                                                                                            • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
                                                                                                                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
                                                                                                                                                                                            • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
                                                                                                                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
                                                                                                                                                                                            • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
                                                                                                                                                                                            • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
                                                                                                                                                                                            • DeleteFileW.KERNEL32(1033), ref: 0040386F
                                                                                                                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
                                                                                                                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965
                                                                                                                                                                                              • Part of subcall function 00405AEB: CreateDirectoryW.KERNEL32(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
                                                                                                                                                                                            • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe",00000000,?), ref: 0040397C
                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
                                                                                                                                                                                            • DeleteFileW.KERNEL32(0042AA28,0042AA28,?,20221121000000%2E000000%2B000,?), ref: 004039FB
                                                                                                                                                                                            • CopyFileW.KERNEL32(C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,0042AA28,00000001), ref: 00403A0E
                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
                                                                                                                                                                                            • ExitProcess.KERNEL32(?), ref: 00403A59
                                                                                                                                                                                            • OleUninitialize.OLE32(?), ref: 00403A5E
                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00403A78
                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
                                                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
                                                                                                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
                                                                                                                                                                                            • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00403B0C
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                                                                                            • String ID: "C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe"$.tmp$1033$20221121000000%2E000000%2B000$C:\Program Files (x86)\Fast!$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetDlgItem.USER32(?,00000403), ref: 0040573C
                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EE), ref: 0040574B
                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00405788
                                                                                                                                                                                            • GetSystemMetrics.USER32(00000002), ref: 0040578F
                                                                                                                                                                                            • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                                                                                                                                                                                            • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                                                                                                                                                                                            • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                                                                                                                                                                                            • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                                                                                                                                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                                                                                                                                                                                            • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                                                                                                                                                                                            • ShowWindow.USER32(?,00000008), ref: 0040582B
                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EC), ref: 0040584C
                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                                                                                                                                                                                            • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                                                                                                                                                                                            • GetDlgItem.USER32(?,000003F8), ref: 0040575A
                                                                                                                                                                                              • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EC), ref: 0040589E
                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_00005672,00000000), ref: 004058AC
                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 004058B3
                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 004058D7
                                                                                                                                                                                            • ShowWindow.USER32(0003047A,00000008), ref: 004058DC
                                                                                                                                                                                            • ShowWindow.USER32(00000008), ref: 00405926
                                                                                                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 0040596B
                                                                                                                                                                                            • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 0040599F
                                                                                                                                                                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                                                                                                                                                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                                                                                                                                                                                            • OpenClipboard.USER32(00000000), ref: 00405A00
                                                                                                                                                                                            • EmptyClipboard.USER32 ref: 00405A06
                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00405A1C
                                                                                                                                                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                                                                                                                                                                                            • SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
                                                                                                                                                                                            • CloseClipboard.USER32 ref: 00405A61
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                            • String ID: {
                                                                                                                                                                                            • API String ID: 590372296-366298937
                                                                                                                                                                                            • Opcode ID: f8565664f7b2e804c40d78346ff69871c1535371e8e3cc69fe24884c49ce1a76
                                                                                                                                                                                            • Instruction ID: 6b97441d6f4cfe62a880681573964a63c423f2dd70b2063085686802d9cc5617
                                                                                                                                                                                            • Opcode Fuzzy Hash: f8565664f7b2e804c40d78346ff69871c1535371e8e3cc69fe24884c49ce1a76
                                                                                                                                                                                            • Instruction Fuzzy Hash: C8B169B1900608FFDB119FA0DD85AAE7B79FB44355F00803AFA41BA1A0C7755E51DF58
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 440 405c49-405c6f call 405f14 443 405c71-405c83 DeleteFileW 440->443 444 405c88-405c8f 440->444 445 405e05-405e09 443->445 446 405c91-405c93 444->446 447 405ca2-405cb2 call 40653d 444->447 448 405db3-405db8 446->448 449 405c99-405c9c 446->449 455 405cc1-405cc2 call 405e58 447->455 456 405cb4-405cbf lstrcatW 447->456 448->445 451 405dba-405dbd 448->451 449->447 449->448 453 405dc7-405dcf call 406873 451->453 454 405dbf-405dc5 451->454 453->445 464 405dd1-405de5 call 405e0c call 405c01 453->464 454->445 458 405cc7-405ccb 455->458 456->458 460 405cd7-405cdd lstrcatW 458->460 461 405ccd-405cd5 458->461 463 405ce2-405cfe lstrlenW FindFirstFileW 460->463 461->460 461->463 465 405d04-405d0c 463->465 466 405da8-405dac 463->466 480 405de7-405dea 464->480 481 405dfd-405e00 call 40559f 464->481 468 405d2c-405d40 call 40653d 465->468 469 405d0e-405d16 465->469 466->448 471 405dae 466->471 482 405d42-405d4a 468->482 483 405d57-405d62 call 405c01 468->483 472 405d18-405d20 469->472 473 405d8b-405d9b FindNextFileW 469->473 471->448 472->468 476 405d22-405d2a 472->476 473->465 479 405da1-405da2 FindClose 473->479 476->468 476->473 479->466 480->454 486 405dec-405dfb call 40559f call 4062fd 480->486 481->445 482->473 487 405d4c-405d55 call 405c49 482->487 491 405d83-405d86 call 40559f 483->491 492 405d64-405d67 483->492 486->445 487->473 491->473 495 405d69-405d79 call 40559f call 4062fd 492->495 496 405d7b-405d81 492->496 495->473 496->473
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
                                                                                                                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh723C.tmp\*.*,\*.*), ref: 00405CBA
                                                                                                                                                                                            • lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
                                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\*.*,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
                                                                                                                                                                                            • FindFirstFileW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh723C.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\*.*,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
                                                                                                                                                                                            • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00405DA2
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                            • String ID: .$.$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsh723C.tmp\*.*$\*.*
                                                                                                                                                                                            • API String ID: 2035342205-761381374
                                                                                                                                                                                            • Opcode ID: d4824498ca5d4646401654330336f54dc3516ea2401a274e156101c2699109e4
                                                                                                                                                                                            • Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
                                                                                                                                                                                            • Opcode Fuzzy Hash: d4824498ca5d4646401654330336f54dc3516ea2401a274e156101c2699109e4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FindFirstFileW.KERNEL32(74DF3420,004302B8,C:\,00405F5D,C:\,C:\,00000000,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0040688A
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                                                                                            • String ID: C:\
                                                                                                                                                                                            • API String ID: 2295610775-3404278061
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                                                                                                                                                                                            • ShowWindow.USER32(?), ref: 00403FF6
                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                                                                                                                                                                                            • ShowWindow.USER32(?,00000004), ref: 00404021
                                                                                                                                                                                            • DestroyWindow.USER32 ref: 00404035
                                                                                                                                                                                            • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
                                                                                                                                                                                            • GetDlgItem.USER32(?,?), ref: 0040406D
                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                                                                                                                                                                                            • IsWindowEnabled.USER32(00000000), ref: 00404088
                                                                                                                                                                                            • GetDlgItem.USER32(?,00000001), ref: 00404133
                                                                                                                                                                                            • GetDlgItem.USER32(?,00000002), ref: 0040413D
                                                                                                                                                                                            • SetClassLongW.USER32(?,000000F2,?), ref: 00404157
                                                                                                                                                                                            • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                                                                                                                                                                                            • GetDlgItem.USER32(?,00000003), ref: 0040424E
                                                                                                                                                                                            • ShowWindow.USER32(00000000,?), ref: 0040426F
                                                                                                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
                                                                                                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040429C
                                                                                                                                                                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                                                                                                                                                                                            • EnableMenuItem.USER32(00000000), ref: 004042B9
                                                                                                                                                                                            • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                                                                                                                                                                                            • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                                                                                                                                                                                            • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                                                                                                                                                                                            • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                                                                                                                                                                                            • ShowWindow.USER32(?,0000000A), ref: 00404456
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Window$Item$MessageSendShow$Long$CallbackDispatcherMenuUser$ClassDestroyEnableEnabledSystemTextlstrlen
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3964124867-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                              • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                            • lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
                                                                                                                                                                                            • lstrlenW.KERNEL32(00432EA0,?,?,?,00432EA0,00000000,C:\Program Files (x86)\Fast!,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,74DF3420), ref: 00403CED
                                                                                                                                                                                            • lstrcmpiW.KERNEL32(00432E98,.exe,00432EA0,?,?,?,00432EA0,00000000,C:\Program Files (x86)\Fast!,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(00432EA0,?,00000000,?), ref: 00403D0B
                                                                                                                                                                                            • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files (x86)\Fast!), ref: 00403D54
                                                                                                                                                                                              • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                            • RegisterClassW.USER32(00433EA0), ref: 00403D91
                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
                                                                                                                                                                                            • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
                                                                                                                                                                                            • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                                                                                                                                                                                            • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
                                                                                                                                                                                            • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
                                                                                                                                                                                            • RegisterClassW.USER32(00433EA0), ref: 00403E56
                                                                                                                                                                                            • DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                            • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$elete file:
                                                                                                                                                                                            • API String ID: 1975747703-4055150547
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

Control-flow Graph (graph not reproduced; entry block 40307d-4030cb; API calls shown: GetTickCount, GetModuleFileNameW, GetFileSize, GlobalAlloc, SetFilePointer)
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 0040308E
                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                                                                                                                                                                                              • Part of subcall function 0040602D: GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                              • Part of subcall function 0040602D: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

Control-flow Graph (graph not reproduced; entry block 40657a-406585; API calls shown: GetSystemDirectoryW, GetWindowsDirectoryW, SHGetSpecialFolderLocation, SHGetPathFromIDListW, CoTaskMemFree, lstrcatW, lstrlenW)
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(00432EA0,00000400), ref: 00406695
                                                                                                                                                                                            • GetWindowsDirectoryW.KERNEL32(00432EA0,00000400,00000000,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,?,004055D6,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,00000000,00000000,00424420,74DF23A0), ref: 004066A8
                                                                                                                                                                                            • lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                            • lstrlenW.KERNEL32(00432EA0,00000000,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,?,004055D6,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,00000000), ref: 00406779
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\nsh723C.tmp\, xrefs: 0040659F
                                                                                                                                                                                            • \Microsoft\Internet Explorer\Quick Launch, xrefs: 00406719
                                                                                                                                                                                            • 20221121000000%2E000000%2B000, xrefs: 0040674E
                                                                                                                                                                                            • Software\Microsoft\Windows\CurrentVersion, xrefs: 00406663
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                                                                                            • String ID: 20221121000000%2E000000%2B000$C:\Users\user\AppData\Local\Temp\nsh723C.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

Control-flow Graph (graph not reproduced; entry block 4032b4-4032cb; API calls shown: GetTickCount, MulDiv, wsprintfW)
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CountTick$wsprintf
                                                                                                                                                                                            • String ID: *B$ DB$ A$ A$... %d%%$tClientRect$}8@
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            control_flow_graph 625 40176f-401794 call 402da6 call 405e83 630 401796-40179c call 40653d 625->630 631 40179e-4017b0 call 40653d call 405e0c lstrcatW 625->631 636 4017b5-4017b6 call 4067c4 630->636 631->636 640 4017bb-4017bf 636->640 641 4017c1-4017cb call 406873 640->641 642 4017f2-4017f5 640->642 649 4017dd-4017ef 641->649 650 4017cd-4017db CompareFileTime 641->650 643 4017f7-4017f8 call 406008 642->643 644 4017fd-401819 call 40602d 642->644 643->644 652 40181b-40181e 644->652 653 40188d-4018b6 call 40559f call 4032b4 644->653 649->642 650->649 654 401820-40185e call 40653d * 2 call 40657a call 40653d call 405b9d 652->654 655 40186f-401879 call 40559f 652->655 665 4018b8-4018bc 653->665 666 4018be-4018ca SetFileTime 653->666 654->640 687 401864-401865 654->687 667 401882-401888 655->667 665->666 669 4018d0-4018db FindCloseChangeNotification 665->669 666->669 670 402c33 667->670 673 4018e1-4018e4 669->673 674 402c2a-402c2d 669->674 675 402c35-402c39 670->675 677 4018e6-4018f7 call 40657a lstrcatW 673->677 678 4018f9-4018fc call 40657a 673->678 674->670 684 401901-4023a2 call 405b9d 677->684 678->684 684->674 684->675 687->667 689 401867-401868 687->689 689->655
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                                                                            • CompareFileTime.KERNEL32(-00000014,?,Set,Set,00000000,00000000,Set,C:\Program Files (x86)\Fast!,?,?,00000031), ref: 004017D5
                                                                                                                                                                                              • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                              • Part of subcall function 0040559F: lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                              • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                              • Part of subcall function 0040559F: lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                              • Part of subcall function 0040559F: SetWindowTextW.USER32(C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\), ref: 0040560C
                                                                                                                                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                            • String ID: C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\nsh723C.tmp$C:\Users\user\AppData\Local\Temp\nsh723C.tmp\nsJSON.dll$Set
                                                                                                                                                                                            • API String ID: 1941528284-740335272
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            control_flow_graph 691 40559f-4055b4 692 4055ba-4055cb 691->692 693 40566b-40566f 691->693 694 4055d6-4055e2 lstrlenW 692->694 695 4055cd-4055d1 call 40657a 692->695 697 4055e4-4055f4 lstrlenW 694->697 698 4055ff-405603 694->698 695->694 697->693 699 4055f6-4055fa lstrcatW 697->699 700 405612-405616 698->700 701 405605-40560c SetWindowTextW 698->701 699->698 702 405618-40565a SendMessageW * 3 700->702 703 40565c-40565e 700->703 701->700 702->703 703->693 704 405660-405663 703->704 704->693
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                            • lstrlenW.KERNEL32(00403418,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                            • SetWindowTextW.USER32(C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\), ref: 0040560C
                                                                                                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                            • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                              • Part of subcall function 0040657A: lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                              • Part of subcall function 0040657A: lstrlenW.KERNEL32(00432EA0,00000000,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,?,004055D6,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,00000000), ref: 00406779
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsh723C.tmp\
                                                                                                                                                                                            • API String ID: 1495540970-3041722732
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            control_flow_graph 705 4026ec-402705 call 402d84 708 402c2a-402c2d 705->708 709 40270b-402712 705->709 710 402c33-402c39 708->710 711 402714 709->711 712 402717-40271a 709->712 711->712 714 402720-40272f call 40649d 712->714 715 40287e-402886 712->715 714->715 718 402735 714->718 715->708 719 40273b-40273f 718->719 720 4027d4-4027d7 719->720 721 402745-402760 ReadFile 719->721 723 4027d9-4027dc 720->723 724 4027ef-4027ff call 4060b0 720->724 721->715 722 402766-40276b 721->722 722->715 726 402771-40277f 722->726 723->724 727 4027de-4027e9 call 40610e 723->727 724->715 732 402801 724->732 729 402785-402797 MultiByteToWideChar 726->729 730 40283a-402846 call 406484 726->730 727->715 727->724 729->732 733 402799-40279c 729->733 730->710 736 402804-402807 732->736 737 40279e-4027a9 733->737 736->730 739 402809-40280e 736->739 737->736 740 4027ab-4027d0 SetFilePointer MultiByteToWideChar 737->740 741 402810-402815 739->741 742 40284b-40284f 739->742 740->737 743 4027d2 740->743 741->742 744 402817-40282a 741->744 745 402851-402855 742->745 746 40286c-402878 SetFilePointer 742->746 743->732 744->715 747 40282c-402832 744->747 748 402857-40285b 745->748 749 40285d-40286a 745->749 746->715 747->719 750 402838 747->750 748->746 748->749 749->715 750->715
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                                                                                            • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                                                                                              • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                                                                                                                                                                                            • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                            • String ID: 9
                                                                                                                                                                                            • API String ID: 163830602-2366072709
                                                                                                                                                                                            • Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                                            • Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
                                                                                                                                                                                            • Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                                            • Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 751 40689a-4068ba GetSystemDirectoryW 752 4068bc 751->752 753 4068be-4068c0 751->753 752->753 754 4068d1-4068d3 753->754 755 4068c2-4068cb 753->755 757 4068d4-406907 wsprintfW LoadLibraryExW 754->757 755->754 756 4068cd-4068cf 755->756 756->757
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                            • wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                            • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                            • API String ID: 2200240437-1946221925
                                                                                                                                                                                            • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                                            • Instruction ID: 21628a1c63ce2f140fdd4d546058f3b0ba52bdb51e88dcb335987c0e659eada7
                                                                                                                                                                                            • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                                            • Instruction Fuzzy Hash: D0F0F671511119ABDB10BB64DD0DF9B376CBF00305F10847AA646F10D0EB7CDA68CBA8
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 758 405a6e-405ab9 CreateDirectoryW 759 405abb-405abd 758->759 760 405abf-405acc GetLastError 758->760 761 405ae6-405ae8 759->761 760->761 762 405ace-405ae2 SetFileSecurityW 760->762 762->759 763 405ae4 GetLastError 762->763 763->761
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00405AC5
                                                                                                                                                                                            • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00405AE4
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                            • API String ID: 3449924974-3081826266
                                                                                                                                                                                            • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                            • Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 764 401d81-401d85 765 401d94-401d9a GetDlgItem 764->765 766 401d87-401d92 call 402d84 764->766 767 401da0-401dcc 765->767 766->767 769 401dd7 767->769 770 401dce-401dd5 call 402da6 767->770 773 401ddb-401e31 GetClientRect LoadImageW SendMessageW 769->773 770->773 775 401e33-401e36 773->775 776 401e3f-401e42 773->776 775->776 777 401e38-401e39 DeleteObject 775->777 778 401e48 776->778 779 402c2a-402c39 776->779 777->776 778->779
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                                                                                            • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                                                                                            • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1849352358-0
                                                                                                                                                                                            • Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                                                                                            • Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 782 401c43-401c63 call 402d84 * 2 787 401c65-401c6c call 402da6 782->787 788 401c6f-401c73 782->788 787->788 790 401c75-401c7c call 402da6 788->790 791 401c7f-401c85 788->791 790->791 794 401cd3-401cfd call 402da6 * 2 FindWindowExW 791->794 795 401c87-401ca3 call 402d84 * 2 791->795 805 401d03 794->805 806 401cc3-401cd1 SendMessageW 795->806 807 401ca5-401cc1 SendMessageTimeoutW 795->807 808 401d06-401d09 805->808 806->805 807->808 809 402c2a-402c39 808->809 810 401d0f 808->810 810->809
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend$Timeout
                                                                                                                                                                                            • String ID: !
                                                                                                                                                                                            • API String ID: 1777923405-2657877971
                                                                                                                                                                                            • Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                                            • Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
                                                                                                                                                                                            • Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                                            • Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                              • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                              • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                              • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                            • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                            • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                            • API String ID: 3248276644-3049482934
                                                                                                                                                                                            • Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                                            • Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
                                                                                                                                                                                            • Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                                            • Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 0040607A
                                                                                                                                                                                            • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CountFileNameTempTick
                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                            • API String ID: 1716503409-678247507
                                                                                                                                                                                            • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                                                                                            • Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                                                                                            • Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 00402103
                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,00000400,?,0040CE50,0040A000,?,00000008,00000001,000000F0), ref: 00402164
                                                                                                                                                                                              • Part of subcall function 0040559F: lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                              • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                              • Part of subcall function 0040559F: lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                              • Part of subcall function 0040559F: SetWindowTextW.USER32(C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\), ref: 0040560C
                                                                                                                                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend$Librarylstrlen$CallbackDispatcherFreeHandleLoadModuleTextUserWindowlstrcat
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 719239633-0
                                                                                                                                                                                            • Opcode ID: 0bf0e5e813b2564cc7cfb612efcde4c797e71ce7d2922b3564d4c07743ad1514
                                                                                                                                                                                            • Instruction ID: d1cf9917c249e547a3b1759614bc69e8b445b1996c4dbd71fd6f6dd46acd7470
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0bf0e5e813b2564cc7cfb612efcde4c797e71ce7d2922b3564d4c07743ad1514
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A21C231904104FACF11AFA5CE48A9D7A71BF48358F20413BF605B91E1DBBD8A82965D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                              • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                              • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                              • Part of subcall function 00405A6E: CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,C:\Program Files (x86)\Fast!,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • C:\Program Files (x86)\Fast!, xrefs: 00401640
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                            • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                            • API String ID: 1892508949-1788482285
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00405B63: ShellExecuteExW.SHELL32(?), ref: 00405B72
                                                                                                                                                                                              • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                                                                                              • Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8
                                                                                                                                                                                            • FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ChangeCloseCodeExecuteExitFindNotificationObjectProcessShellSingleWait
                                                                                                                                                                                            • String ID: @$C:\Program Files (x86)\Fast!
                                                                                                                                                                                            • API String ID: 4215836453-1939985250
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,74DF3420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
                                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 00403B78
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Free$GlobalLibrary
                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                            • API String ID: 1100898210-3081826266
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GlobalFree.KERNELBASE(007D95F0), ref: 00401C0B
                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,00000804), ref: 00401C1D
                                                                                                                                                                                              • Part of subcall function 0040657A: lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                              • Part of subcall function 0040657A: lstrlenW.KERNEL32(00432EA0,00000000,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,?,004055D6,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,00000000), ref: 00406779
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Global$AllocFreelstrcatlstrlen
                                                                                                                                                                                            • String ID: Set
                                                                                                                                                                                            • API String ID: 3292104215-3730400060
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004025D1
                                                                                                                                                                                            • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004025E4
                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsh723C.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Enum$CloseValue
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 397863658-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00406008: GetFileAttributesW.KERNEL32(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                              • Part of subcall function 00406008: SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                                                                                                                            • RemoveDirectoryW.KERNEL32(?,?,?,00000000,00405DE3), ref: 00405C1C
                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000000,00405DE3), ref: 00405C24
                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405C3C
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1655745494-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SendMessageW.USER32(00000408,?,00000000,004040D1), ref: 00404490
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                            • String ID: x
                                                                                                                                                                                            • API String ID: 3850602802-2363233923
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsh723C.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseQueryValue
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3356406503-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RegQueryValueExW.KERNEL32(00650000,00650000,00000000,00000000,00432EA0,00000800,00000000,?,00000000,00650000,00650000,00432EA0,?,?,00406672,80000002), ref: 00406451
                                                                                                                                                                                            • RegCloseKey.KERNEL32(00650000,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,00650000,00432EA0,00650000,00000000,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\), ref: 0040645C
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseQueryValue
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3356406503-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                            • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                                                                                            • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Window$EnableShow
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1136574915-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseCreateHandleProcess
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3712363035-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                              • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                              • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                              • Part of subcall function 0040689A: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2547128583-0
                                                                                                                                                                                            • Opcode ID: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                                                                                                                            • Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SendMessageW.USER32(?,0000000B,00000001), ref: 00402C14
                                                                                                                                                                                            • InvalidateRect.USER32(?), ref: 00402C24
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: InvalidateMessageRectSend
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 909852535-0
                                                                                                                                                                                            • Opcode ID: 0509652848a83ac1d7feddac23dc24ced32f84c0220a85d8a6f2313ae5a63aab
                                                                                                                                                                                            • Instruction ID: 5efb85e177e5feb05262591b5578bbf68be0fc1facb886aaf0ec985341d6bcc2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0509652848a83ac1d7feddac23dc24ced32f84c0220a85d8a6f2313ae5a63aab
                                                                                                                                                                                            • Instruction Fuzzy Hash: CEE08C72700008FFEB01CBA4EE84DAEB779FB40315B00007AF502A00A0D7300D40DA28
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                            • CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$AttributesCreate
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 415043291-0
                                                                                                                                                                                            • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                                            • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                                                                                                                                                            • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                            • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                            • Instruction ID: c979a2e86073268fb5c10017c0603d576bb262e7e1663e1e1b2ee048d1a5e24b
                                                                                                                                                                                            • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                            • Instruction Fuzzy Hash: 34D012725041316FC2102728EF0C89BBF55EF643717014B35F9A5A22F0CB304C638A98
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CloseHandle.KERNEL32(FFFFFFFF,00403A5E,?), ref: 00403B1D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\nsh723C.tmp\, xrefs: 00403B31
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsh723C.tmp\
                                                                                                                                                                                            • API String ID: 2962429428-3041722732
                                                                                                                                                                                            • Opcode ID: e86ec88962d2cddd060eb64ec5e150871475ae72b9f2b14f7d4b77a190cc5563
                                                                                                                                                                                            • Instruction ID: 74b342ff74dc5917d60848dc34610585f5de2c5243f802b65b47dd8438b48b4d
                                                                                                                                                                                            • Opcode Fuzzy Hash: e86ec88962d2cddd060eb64ec5e150871475ae72b9f2b14f7d4b77a190cc5563
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5EC0123050470056D1646F749E4FE153B64AB4073EB600325B0F9B10F1CB3C5759895D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00405AFF
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1890432378.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890455593.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890561372.0000000000466000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1375471231-0
                                                                                                                                                                                            • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                            • Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
                                                                                                                                                                                            • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 0040559F: lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                              • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,00000000,00424420,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                              • Part of subcall function 0040559F: lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                              • Part of subcall function 0040559F: SetWindowTextW.USER32(C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\), ref: 0040560C
                                                                                                                                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                              • Part of subcall function 00405B20: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                                                                                              • Part of subcall function 00405B20: CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                                                                                            • FindCloseChangeNotification.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                                                                                              • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                                                                                              • Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8
                                                                                                                                                                                              • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend$CloseProcesslstrlen$ChangeCodeCreateExitFindHandleNotificationObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1543427666-0
                                                                                                                                                                                            • Opcode ID: 11aaa4362747121357e125e8dbb3e446f77891c3c0f7104508ea78bcc2682684
                                                                                                                                                                                            • Instruction ID: a015d294fcb9cc4e365613bb9e09bf6e78b00889af70ee47f703a6c6056ea9c8
                                                                                                                                                                                            • Opcode Fuzzy Hash: 11aaa4362747121357e125e8dbb3e446f77891c3c0f7104508ea78bcc2682684
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2DF09072904112EBCB21BBA59A84EDE76E8DF01318F25403BE102B21D1D77C4E429A6E
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,?,00000000,?,?), ref: 004028AF
                                                                                                                                                                                              • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FilePointerwsprintf
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 327478801-0
                                                                                                                                                                                            • Opcode ID: 1a69bed114d0c3cb27e295a60469d00fb85b85c1c8bbaab52ea3f411131a6a45
                                                                                                                                                                                            • Instruction ID: a13d1cf18dcce6f7d85bed0b4e0fde0de6b16079219dfacd376ffc086bc6f252
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1a69bed114d0c3cb27e295a60469d00fb85b85c1c8bbaab52ea3f411131a6a45
                                                                                                                                                                                            • Instruction Fuzzy Hash: D3E09271A04105BFDB01EFA5AE499AEB3B8EF44319B10483BF102F00C1DA794D119B2D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileWrite
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3934441357-0
                                                                                                                                                                                            • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                            • Instruction ID: d8d859634201a592f38c73999a999f352708a9e59580de02994c407fa40ca669
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                            • Instruction Fuzzy Hash: FAE08C3220026AABEF109E60DC04AEB3B6CFB00360F014837FA16E7081E270E93087A4
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileRead
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2738559852-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,00650000,00432EA0,?,00650000,?,00406438,?,00000000,00650000,00650000,00432EA0,?), ref: 004063CE
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Open
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 71445658-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 0040657A: lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                              • Part of subcall function 0040657A: lstrlenW.KERNEL32(00432EA0,00000000,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,?,004055D6,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,00000000), ref: 00406779
                                                                                                                                                                                            • SetDlgItemTextW.USER32(?,?,00000000), ref: 004044B3
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ItemTextlstrcatlstrlen
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 281422827-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SendMessageW.USER32(00030472,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ShellExecuteExW.SHELL32(?), ref: 00405B72
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExecuteShell
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 587946157-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                            • Opcode ID: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                                                                                            • Instruction ID: f9270ce27bc2d5d500308faa7c43699bdd9cec228278350af1c7ef3a72e6c056
                                                                                                                                                                                            • Opcode Fuzzy Hash: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4FB01235181A00FBDE514B00DE09F857E62F7E4701F058038F341240F0CBB200A4DB08
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FilePointer
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 973152223-0
                                                                                                                                                                                            • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                                            • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                                                                                                                            • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CallbackDispatcherUser
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2492992576-0
                                                                                                                                                                                            • Opcode ID: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                                                                                            • Instruction ID: 0db23a64e3c973129ccb7351ad80e5cfa0365495cc8a336c35755b545d17f2be
                                                                                                                                                                                            • Opcode Fuzzy Hash: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                                                                                            • Instruction Fuzzy Hash: 74A00275508601DBDE115B51DF09D057B71A7547017414579A18551034C6314461EB5D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Sleep
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                                                                            • Opcode ID: 0247c60e4c81cd0d93bf07655b107266fb29897d22759340ec027b86c090604d
                                                                                                                                                                                            • Instruction ID: 7e4bd3fa72896d3e54e8b4d9ea8ddceac118c8145159a7c2ee745a60f6c60e84
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0247c60e4c81cd0d93bf07655b107266fb29897d22759340ec027b86c090604d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8DD0A773B141018BD704EBFCFE8545E73E8EB503293208C37D402E10D1E678C846461C
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetDlgItem.USER32(?,000003FB), ref: 004049D9
                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00404A03
                                                                                                                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                                                                                                                                                                                            • lstrcmpiW.KERNEL32(00432EA0,0042D268,00000000,?,?), ref: 00404AF1
                                                                                                                                                                                            • lstrcatW.KERNEL32(?,00432EA0), ref: 00404AFD
                                                                                                                                                                                            • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F
                                                                                                                                                                                              • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                                                                                                                                                                                              • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                              • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                              • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                              • Part of subcall function 004067C4: CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                            • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
                                                                                                                                                                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                                                                                                                                                                                              • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                              • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                              • Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1890432378.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890455593.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890561372.0000000000466000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                            • String ID: 20221121000000%2E000000%2B000$A$C:\Program Files (x86)\Fast!
                                                                                                                                                                                            • API String ID: 2624150263-2687562964
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • C:\Program Files (x86)\Fast!, xrefs: 00402269
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CreateInstance
                                                                                                                                                                                            • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                            • API String ID: 542301482-1788482285
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileFindFirst
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1974802433-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetDlgItem.USER32(?,000003F9), ref: 00404F1E
                                                                                                                                                                                            • GetDlgItem.USER32(?,00000408), ref: 00404F29
                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                                                                                                                                                                                            • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
                                                                                                                                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                                                                                                                                                                                            • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                                                                                                                                                                                            • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                                                                                                                                                                                            • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                                                                                                                                                                                            • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00405000
                                                                                                                                                                                            • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                                                                                                                                                                                            • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                                                                                                                                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                                                                                                                                                                                            • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                                                                                                                                                                                              • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
                                                                                                                                                                                            • ShowWindow.USER32(?,00000005), ref: 00405162
                                                                                                                                                                                            • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                                                                                                                                                                                            • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                                                                                                                                                                                            • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                                                                                                                                                                                            • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                                                                                                                                                                                            • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(?), ref: 00405330
                                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 00405340
                                                                                                                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                                                                                                                                                                                            • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                                                                                                                                                                                            • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                                                                                                                                                                                            • ShowWindow.USER32(?,00000000), ref: 004054EA
                                                                                                                                                                                            • GetDlgItem.USER32(?,000003FE), ref: 004054F5
                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 004054FC
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                            • String ID: $M$N
                                                                                                                                                                                            • API String ID: 2564846305-813528018
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E8), ref: 0040470A
                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                                                                                                                                                                                            • GetSysColor.USER32(?), ref: 00404738
                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                                                                                                                                                                                            • lstrlenW.KERNEL32(?), ref: 00404759
                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                                                                                                                                                                                            • GetDlgItem.USER32(?,0000040A), ref: 004047D4
                                                                                                                                                                                            • SendMessageW.USER32(00000000), ref: 004047DB
                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E8), ref: 00404806
                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                                                                                                                                                                                            • SetCursor.USER32(00000000), ref: 0040485A
                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                                                                                                                                                                                            • SetCursor.USER32(00000000), ref: 00404876
                                                                                                                                                                                            • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                                                                                                                                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                            • String ID: N
                                                                                                                                                                                            • API String ID: 3103080414-1130791706
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                            • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                            • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                            • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                            • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1890432378.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890455593.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890561372.0000000000466000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                            • String ID: F
                                                                                                                                                                                            • API String ID: 941294808-1304234792
                                                                                                                                                                                            • Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                                                                                            • Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
                                                                                                                                                                                            • Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                                                                                                                                            • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                                                                                                                                              • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                              • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                            • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                                                                                                                                            • wsprintfA.USER32 ref: 00406202
                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                                                                                                                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                                                                                                                                            • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 004062EB
                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                                                                                                                                                                                              • Part of subcall function 0040602D: GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                              • Part of subcall function 0040602D: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1890432378.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890455593.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890561372.0000000000466000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                            • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                            • API String ID: 2171350718-461813615
                                                                                                                                                                                            • Opcode ID: 0194637bb94274dabed0f9800811d2c41cbe4f0b5fb95fd5530e1cac65c060f3
                                                                                                                                                                                            • Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0194637bb94274dabed0f9800811d2c41cbe4f0b5fb95fd5530e1cac65c060f3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                                                                                                                                                                                            • GetSysColor.USER32(00000000), ref: 0040455B
                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 00404567
                                                                                                                                                                                            • SetBkMode.GDI32(?,?), ref: 00404573
                                                                                                                                                                                            • GetSysColor.USER32(?), ref: 00404586
                                                                                                                                                                                            • SetBkColor.GDI32(?,?), ref: 00404596
                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 004045B0
                                                                                                                                                                                            • CreateBrushIndirect.GDI32(?), ref: 004045BA
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1890432378.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890455593.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890561372.0000000000466000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2320649405-0
                                                                                                                                                                                            • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                            • Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
                                                                                                                                                                                            • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                            • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                            • CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                            • CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1890432378.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890455593.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000042C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.000000000043A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890465933.0000000000440000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1890561372.0000000000466000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Char$Next$Prev
                                                                                                                                                                                            • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                            • API String ID: 589700163-4010320282
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                                                                                                                                                                                            • GetMessagePos.USER32 ref: 00404E77
                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00404E91
                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                                                                                                                                                                                            • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message$Send$ClientScreen
                                                                                                                                                                                            • String ID: f
                                                                                                                                                                                            • API String ID: 41195575-1993550816
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetDC.USER32(?), ref: 00401E51
                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                                                                                            • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                                                                                              • Part of subcall function 0040657A: lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                              • Part of subcall function 0040657A: lstrlenW.KERNEL32(00432EA0,00000000,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,?,004055D6,C:\Users\user\AppData\Local\Temp\nsh723C.tmp\,00000000), ref: 00406779
                                                                                                                                                                                            • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                                                                                            • String ID: MS Shell Dlg
                                                                                                                                                                                            • API String ID: 2584051700-76309092
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                                                                                            • MulDiv.KERNEL32(0001A853,00000064,0001D5B8), ref: 00402FDC
                                                                                                                                                                                            • wsprintfW.USER32 ref: 00402FEC
                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • verifying installer: %d%%, xrefs: 00402FE6
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                            • String ID: verifying installer: %d%%
                                                                                                                                                                                            • API String ID: 1451636040-82062127
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2667972263-0
                                                                                                                                                                                            • Opcode ID: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
                                                                                                                                                                                            • Instruction ID: 8fc1a79e9ee36ebd610a2d663d7387b5f1fea8f48d7bc9e01940cd119f3fb53c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5831C271D00124BBCF216FA9CE49DDEBE79AF49364F14023AF450762E0CB794C429BA8
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                                                                                            • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseEnum$DeleteValue
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1354259210-0
                                                                                                                                                                                            • Opcode ID: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
                                                                                                                                                                                            • Instruction ID: ca6229ec891c5908b4c2d3bab14ae3db7b9396451d72a40731f1c02386a45f13
                                                                                                                                                                                            • Opcode Fuzzy Hash: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
                                                                                                                                                                                            • Instruction Fuzzy Hash: DA215A7150010ABBEF119F90CE89EEF7B7DEB50384F100076F909B21A0D7B49E54AA68
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                            • wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                            • SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                            • String ID: %u.%u%s%s
                                                                                                                                                                                            • API String ID: 3540041739-3551169577
                                                                                                                                                                                            • Opcode ID: ef5a487acd93c416279d422af54232d8d0333c49029b07dfc4f1175e68c26d0a
                                                                                                                                                                                            • Instruction ID: d7f2b51e3f2153b105aad6c1cbcae815e44f670c765de83d30fbb221df5484fa
                                                                                                                                                                                            • Opcode Fuzzy Hash: ef5a487acd93c416279d422af54232d8d0333c49029b07dfc4f1175e68c26d0a
                                                                                                                                                                                            • Instruction Fuzzy Hash: AC11D573A041283BDB10656DAC45E9E369CAF81334F254237FA66F21D1EA78D91182E8
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh723C.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsh723C.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsh723C.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseValuelstrlen
                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsh723C.tmp
                                                                                                                                                                                            • API String ID: 2655323295-2460233159
                                                                                                                                                                                            • Opcode ID: 3f2741e17913f4b3ae47e715a678bc9f1b76d5c80f35dbb4c6e867a5b8f0e772
                                                                                                                                                                                            • Instruction ID: a32c4fc66ba480c3aafb49ec1434dbeb720bd0d2787204a1d049ba7b64bbfaa1
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3f2741e17913f4b3ae47e715a678bc9f1b76d5c80f35dbb4c6e867a5b8f0e772
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B118E71E00119BEEF10AFA5DE49EAEBAB8FF44358F15443AF504F61C1D7B88D40AA58
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                            • CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                            • CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CharNext
                                                                                                                                                                                            • String ID: C:\
                                                                                                                                                                                            • API String ID: 3213498283-3404278061
                                                                                                                                                                                            • Opcode ID: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                                                                                            • Instruction ID: b7f7aa27055ddc775a1b47344aef2f77b81fec2ea34db2f3ccdabfa21b6bce3d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7BF0F631810E1296DB317B548C44E7B97BCEB64354B04843BD741B71C0D3BC8D808BDA
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
                                                                                                                                                                                            • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
                                                                                                                                                                                            • lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                            • API String ID: 2659869361-3081826266
                                                                                                                                                                                            • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                            • Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                            • Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsh723C.tmp\nsJSON.dll), ref: 00402695
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: lstrlen
                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsh723C.tmp$C:\Users\user\AppData\Local\Temp\nsh723C.tmp\nsJSON.dll
                                                                                                                                                                                            • API String ID: 1659193697-1751133345
                                                                                                                                                                                            • Opcode ID: fbd5ee5e4de60feb08ffa62b35b3018c7a91bb86716aa8782bbd76b946f17d50
                                                                                                                                                                                            • Instruction ID: edf8e5a6553ae7ef136857fb61bcac29e22bbc78049b19fa22ca3c34260198f3
                                                                                                                                                                                            • Opcode Fuzzy Hash: fbd5ee5e4de60feb08ffa62b35b3018c7a91bb86716aa8782bbd76b946f17d50
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2611EB71A00215BBCB10BFB18E4AAAE7665AF40744F25443FE002B71C2EAFC8891565E
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 0040304A
                                                                                                                                                                                            • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2102729457-0
                                                                                                                                                                                            • Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                                                                                            • Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
                                                                                                                                                                                            • Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                                                                                            • Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • IsWindowVisible.USER32(?), ref: 00405542
                                                                                                                                                                                            • CallWindowProcW.USER32(?,?,?,?), ref: 00405593
                                                                                                                                                                                              • Part of subcall function 004044E5: SendMessageW.USER32(00030472,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3748168415-3916222277
                                                                                                                                                                                            • Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                                                                                            • Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                                                                                            • Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00405E5E
                                                                                                                                                                                            • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,C:\Users\user\Desktop\9c23f857-b0b9-47d6-b664-47a3132066f4.exe,80000000,00000003), ref: 00405E6E
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CharPrevlstrlen
                                                                                                                                                                                            • String ID: C:\Users\user\Desktop
                                                                                                                                                                                            • API String ID: 2709904686-224404859
                                                                                                                                                                                            • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                            • Instruction ID: d2786f61c86b799b8b6ecf14661ff9643eaf9d362a95097130d0805b1e4d2bc4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                            • Instruction Fuzzy Hash: 36D0A7B3410D20DAC3126718DC04DAF73ECFF6134074A442AF481A71A4D7785E8186ED
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                            • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
                                                                                                                                                                                            • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1890445052.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_9c23f857-b0b9-47d6-b664-47a3132066f4.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 190613189-0
                                                                                                                                                                                            • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                                                                                            • Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                                                                                            • Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                            Execution Coverage:30.5%
                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                            Signature Coverage:0%
                                                                                                                                                                                            Total number of Nodes:1352
                                                                                                                                                                                            Total number of Limit Nodes:36
DeleteObject 4079->4080 4081 4010fc 4079->4081 4080->4079 4083 401102 CreateFontIndirectW 4081->4083 4084 401167 EndPaint 4081->4084 4083->4084 4085 401112 6 API calls 4083->4085 4084->4082 4085->4084 4086 401d81 4087 401d94 GetDlgItem 4086->4087 4088 401d87 4086->4088 4090 401d8e 4087->4090 4089 402d84 17 API calls 4088->4089 4089->4090 4091 401dd5 GetClientRect LoadImageW SendMessageW 4090->4091 4092 402da6 17 API calls 4090->4092 4094 401e33 4091->4094 4096 401e3f 4091->4096 4092->4091 4095 401e38 DeleteObject 4094->4095 4094->4096 4095->4096 4097 401503 4098 40150b 4097->4098 4100 40151e 4097->4100 4099 402d84 17 API calls 4098->4099 4099->4100 4101 402383 4102 40238a 4101->4102 4105 40239d 4101->4105 4103 40657a 17 API calls 4102->4103 4104 402397 4103->4104 4106 405b9d MessageBoxIndirectW 4104->4106 4106->4105 4107 402c05 SendMessageW 4108 402c2a 4107->4108 4109 402c1f InvalidateRect 4107->4109 4109->4108 4110 404f06 GetDlgItem GetDlgItem 4111 404f58 7 API calls 4110->4111 4117 40517d 4110->4117 4112 404ff2 SendMessageW 4111->4112 4113 404fff DeleteObject 4111->4113 4112->4113 4114 405008 4113->4114 4115 40503f 4114->4115 4118 40657a 17 API calls 4114->4118 4119 404499 18 API calls 4115->4119 4116 40525f 4120 40530b 4116->4120 4130 4052b8 SendMessageW 4116->4130 4150 405170 4116->4150 4117->4116 4121 4051ec 4117->4121 4164 404e54 SendMessageW 4117->4164 4124 405021 SendMessageW SendMessageW 4118->4124 4125 405053 4119->4125 4122 405315 SendMessageW 4120->4122 4123 40531d 4120->4123 4121->4116 4126 405251 SendMessageW 4121->4126 4122->4123 4132 405336 4123->4132 4133 40532f ImageList_Destroy 4123->4133 4148 405346 4123->4148 4124->4114 4129 404499 18 API calls 4125->4129 4126->4116 4127 404500 8 API calls 4131 40550c 4127->4131 4143 405064 4129->4143 4135 4052cd SendMessageW 4130->4135 4130->4150 4136 40533f GlobalFree 4132->4136 4132->4148 4133->4132 4134 4054c0 4139 4054d2 ShowWindow GetDlgItem ShowWindow 4134->4139 4134->4150 4138 4052e0 4135->4138 
4136->4148 4137 40513f GetWindowLongW SetWindowLongW 4140 405158 4137->4140 4149 4052f1 SendMessageW 4138->4149 4139->4150 4141 405175 4140->4141 4142 40515d ShowWindow 4140->4142 4163 4044ce SendMessageW 4141->4163 4162 4044ce SendMessageW 4142->4162 4143->4137 4144 40513a 4143->4144 4147 4050b7 SendMessageW 4143->4147 4151 4050f5 SendMessageW 4143->4151 4152 405109 SendMessageW 4143->4152 4144->4137 4144->4140 4147->4143 4148->4134 4155 405381 4148->4155 4169 404ed4 4148->4169 4149->4120 4150->4127 4151->4143 4152->4143 4154 40548b 4156 405496 InvalidateRect 4154->4156 4159 4054a2 4154->4159 4157 4053af SendMessageW 4155->4157 4158 4053c5 4155->4158 4156->4159 4157->4158 4158->4154 4160 405439 SendMessageW SendMessageW 4158->4160 4159->4134 4178 404e0f 4159->4178 4160->4158 4162->4150 4163->4117 4165 404eb3 SendMessageW 4164->4165 4166 404e77 GetMessagePos ScreenToClient SendMessageW 4164->4166 4168 404eab 4165->4168 4167 404eb0 4166->4167 4166->4168 4167->4165 4168->4121 4181 40653d lstrcpynW 4169->4181 4171 404ee7 4182 406484 wsprintfW 4171->4182 4173 404ef1 4174 40140b 2 API calls 4173->4174 4175 404efa 4174->4175 4183 40653d lstrcpynW 4175->4183 4177 404f01 4177->4155 4184 404d46 4178->4184 4180 404e24 4180->4134 4181->4171 4182->4173 4183->4177 4185 404d5f 4184->4185 4186 40657a 17 API calls 4185->4186 4187 404dc3 4186->4187 4188 40657a 17 API calls 4187->4188 4189 404dce 4188->4189 4190 40657a 17 API calls 4189->4190 4191 404de4 lstrlenW wsprintfW SetDlgItemTextW 4190->4191 4191->4180 4192 404609 lstrlenW 4193 404628 4192->4193 4194 40462a WideCharToMultiByte 4192->4194 4193->4194 3209 40248a 3210 402da6 17 API calls 3209->3210 3211 40249c 3210->3211 3212 402da6 17 API calls 3211->3212 3213 4024a6 3212->3213 3226 402e36 3213->3226 3216 40292e 3217 4024de 3219 4024ea 3217->3219 3221 402d84 17 API calls 3217->3221 3218 402da6 17 API calls 3220 4024d4 lstrlenW 3218->3220 3222 402509 RegSetValueExW 3219->3222 3230 4032b4 3219->3230 3220->3217 3221->3219 3224 
40251f RegCloseKey 3222->3224 3224->3216 3227 402e51 3226->3227 3250 4063d8 3227->3250 3231 4032cd 3230->3231 3232 4032fb 3231->3232 3257 4034e5 SetFilePointer 3231->3257 3254 4034cf 3232->3254 3236 403468 3238 4034aa 3236->3238 3241 40346c 3236->3241 3237 403318 GetTickCount 3242 403452 3237->3242 3246 403367 3237->3246 3239 4034cf ReadFile 3238->3239 3239->3242 3240 4034cf ReadFile 3240->3246 3241->3242 3243 4034cf ReadFile 3241->3243 3244 4060df WriteFile 3241->3244 3242->3222 3243->3241 3244->3241 3245 4033bd GetTickCount 3245->3246 3246->3240 3246->3242 3246->3245 3247 4033e2 MulDiv wsprintfW 3246->3247 3249 4060df WriteFile 3246->3249 3248 40559f 24 API calls 3247->3248 3248->3246 3249->3246 3251 4063e7 3250->3251 3252 4063f2 RegCreateKeyExW 3251->3252 3253 4024b6 3251->3253 3252->3253 3253->3216 3253->3217 3253->3218 3255 4060b0 ReadFile 3254->3255 3256 403306 3255->3256 3256->3236 3256->3237 3256->3242 3257->3232 4195 40498a 4196 4049b6 4195->4196 4197 4049c7 4195->4197 4256 405b81 GetDlgItemTextW 4196->4256 4198 4049d3 GetDlgItem 4197->4198 4205 404a32 4197->4205 4201 4049e7 4198->4201 4200 4049c1 4203 4067c4 5 API calls 4200->4203 4204 4049fb SetWindowTextW 4201->4204 4208 405eb7 4 API calls 4201->4208 4202 404b16 4254 404cc5 4202->4254 4258 405b81 GetDlgItemTextW 4202->4258 4203->4197 4209 404499 18 API calls 4204->4209 4205->4202 4210 40657a 17 API calls 4205->4210 4205->4254 4207 404500 8 API calls 4212 404cd9 4207->4212 4213 4049f1 4208->4213 4214 404a17 4209->4214 4215 404aa6 SHBrowseForFolderW 4210->4215 4211 404b46 4216 405f14 18 API calls 4211->4216 4213->4204 4220 405e0c 3 API calls 4213->4220 4217 404499 18 API calls 4214->4217 4215->4202 4218 404abe CoTaskMemFree 4215->4218 4219 404b4c 4216->4219 4221 404a25 4217->4221 4222 405e0c 3 API calls 4218->4222 4259 40653d lstrcpynW 4219->4259 4220->4204 4257 4044ce SendMessageW 4221->4257 4224 404acb 4222->4224 4227 404b02 SetDlgItemTextW 4224->4227 4231 40657a 17 API calls 4224->4231 4226 404a2b 4229 
40690a 5 API calls 4226->4229 4227->4202 4228 404b63 4230 40690a 5 API calls 4228->4230 4229->4205 4242 404b6a 4230->4242 4232 404aea lstrcmpiW 4231->4232 4232->4227 4234 404afb lstrcatW 4232->4234 4233 404bab 4260 40653d lstrcpynW 4233->4260 4234->4227 4236 404bb2 4237 405eb7 4 API calls 4236->4237 4238 404bb8 GetDiskFreeSpaceW 4237->4238 4240 404bdc MulDiv 4238->4240 4244 404c03 4238->4244 4240->4244 4241 405e58 2 API calls 4241->4242 4242->4233 4242->4241 4242->4244 4243 404c74 4246 404c97 4243->4246 4248 40140b 2 API calls 4243->4248 4244->4243 4245 404e0f 20 API calls 4244->4245 4247 404c61 4245->4247 4261 4044bb KiUserCallbackDispatcher 4246->4261 4249 404c76 SetDlgItemTextW 4247->4249 4250 404c66 4247->4250 4248->4246 4249->4243 4252 404d46 20 API calls 4250->4252 4252->4243 4253 404cb3 4253->4254 4255 4048e3 SendMessageW 4253->4255 4254->4207 4255->4254 4256->4200 4257->4226 4258->4211 4259->4228 4260->4236 4261->4253 4262 40290b 4263 402da6 17 API calls 4262->4263 4264 402912 FindFirstFileW 4263->4264 4265 40293a 4264->4265 4268 402925 4264->4268 4270 406484 wsprintfW 4265->4270 4267 402943 4271 40653d lstrcpynW 4267->4271 4270->4267 4271->4268 4272 40190c 4273 401943 4272->4273 4274 402da6 17 API calls 4273->4274 4275 401948 4274->4275 4276 405c49 67 API calls 4275->4276 4277 401951 4276->4277 4278 40190f 4279 402da6 17 API calls 4278->4279 4280 401916 4279->4280 4281 405b9d MessageBoxIndirectW 4280->4281 4282 40191f 4281->4282 4283 401491 4284 40559f 24 API calls 4283->4284 4285 401498 4284->4285 4286 402891 4287 402898 4286->4287 4290 402ba9 4286->4290 4288 402d84 17 API calls 4287->4288 4289 40289f 4288->4289 4291 4028ae SetFilePointer 4289->4291 4291->4290 4292 4028be 4291->4292 4294 406484 wsprintfW 4292->4294 4294->4290 3632 403b12 3633 403b2a 3632->3633 3634 403b1c CloseHandle 3632->3634 3639 403b57 3633->3639 3634->3633 3637 405c49 67 API calls 3638 403b3b 3637->3638 3641 403b65 3639->3641 3640 403b2f 3640->3637 3641->3640 3642 403b6a FreeLibrary 
GlobalFree 3641->3642 3642->3640 3642->3642 4295 401f12 4296 402da6 17 API calls 4295->4296 4297 401f18 4296->4297 4298 402da6 17 API calls 4297->4298 4299 401f21 4298->4299 4300 402da6 17 API calls 4299->4300 4301 401f2a 4300->4301 4302 402da6 17 API calls 4301->4302 4303 401f33 4302->4303 4304 401423 24 API calls 4303->4304 4305 401f3a 4304->4305 4312 405b63 ShellExecuteExW 4305->4312 4307 401f82 4308 40292e 4307->4308 4309 4069b5 5 API calls 4307->4309 4310 401f9f CloseHandle 4309->4310 4310->4308 4312->4307 4313 405513 4314 405523 4313->4314 4315 405537 4313->4315 4316 405580 4314->4316 4317 405529 4314->4317 4318 40553f IsWindowVisible 4315->4318 4324 405556 4315->4324 4319 405585 CallWindowProcW 4316->4319 4320 4044e5 SendMessageW 4317->4320 4318->4316 4321 40554c 4318->4321 4322 405533 4319->4322 4320->4322 4323 404e54 5 API calls 4321->4323 4323->4324 4324->4319 4325 404ed4 4 API calls 4324->4325 4325->4316 4326 402f93 4327 402fa5 SetTimer 4326->4327 4328 402fbe 4326->4328 4327->4328 4329 403013 4328->4329 4330 402fd8 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4328->4330 4330->4329 4331 401d17 4332 402d84 17 API calls 4331->4332 4333 401d1d IsWindow 4332->4333 4334 401a20 4333->4334 3674 403f9a 3675 403fb2 3674->3675 3676 404113 3674->3676 3675->3676 3677 403fbe 3675->3677 3678 404164 3676->3678 3679 404124 GetDlgItem GetDlgItem 3676->3679 3681 403fc9 SetWindowPos 3677->3681 3682 403fdc 3677->3682 3680 4041be 3678->3680 3691 401389 2 API calls 3678->3691 3683 404499 18 API calls 3679->3683 3684 4044e5 SendMessageW 3680->3684 3692 40410e 3680->3692 3681->3682 3685 403fe5 ShowWindow 3682->3685 3686 404027 3682->3686 3687 40414e SetClassLongW 3683->3687 3714 4041d0 3684->3714 3693 404100 3685->3693 3694 404005 GetWindowLongW 3685->3694 3688 404046 3686->3688 3689 40402f DestroyWindow 3686->3689 3690 40140b 2 API calls 3687->3690 3696 40404b SetWindowLongW 3688->3696 3697 40405c 3688->3697 3695 404422 3689->3695 3690->3678 3698 404196 3691->3698 3756 
404500 3693->3756 3694->3693 3700 40401e ShowWindow 3694->3700 3695->3692 3707 404453 ShowWindow 3695->3707 3696->3692 3697->3693 3701 404068 GetDlgItem 3697->3701 3698->3680 3702 40419a SendMessageW 3698->3702 3700->3686 3705 404096 3701->3705 3706 404079 SendMessageW IsWindowEnabled 3701->3706 3702->3692 3703 40140b 2 API calls 3703->3714 3704 404424 DestroyWindow KiUserCallbackDispatcher 3704->3695 3709 4040a3 3705->3709 3711 4040ea SendMessageW 3705->3711 3712 4040b6 3705->3712 3721 40409b 3705->3721 3706->3692 3706->3705 3707->3692 3708 40657a 17 API calls 3708->3714 3709->3711 3709->3721 3711->3693 3715 4040d3 3712->3715 3716 4040be 3712->3716 3713 4040d1 3713->3693 3714->3692 3714->3703 3714->3704 3714->3708 3717 404499 18 API calls 3714->3717 3738 404364 DestroyWindow 3714->3738 3747 404499 3714->3747 3718 40140b 2 API calls 3715->3718 3719 40140b 2 API calls 3716->3719 3717->3714 3720 4040da 3718->3720 3719->3721 3720->3693 3720->3721 3753 404472 3721->3753 3723 40424b GetDlgItem 3724 404260 3723->3724 3725 404268 ShowWindow KiUserCallbackDispatcher 3723->3725 3724->3725 3750 4044bb KiUserCallbackDispatcher 3725->3750 3727 404292 EnableWindow 3732 4042a6 3727->3732 3728 4042ab GetSystemMenu EnableMenuItem SendMessageW 3729 4042db SendMessageW 3728->3729 3728->3732 3729->3732 3731 403f7b 18 API calls 3731->3732 3732->3728 3732->3731 3751 4044ce SendMessageW 3732->3751 3752 40653d lstrcpynW 3732->3752 3734 40430a lstrlenW 3735 40657a 17 API calls 3734->3735 3736 404320 SetWindowTextW 3735->3736 3737 401389 2 API calls 3736->3737 3737->3714 3738->3695 3739 40437e CreateDialogParamW 3738->3739 3739->3695 3740 4043b1 3739->3740 3741 404499 18 API calls 3740->3741 3742 4043bc GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3741->3742 3743 401389 2 API calls 3742->3743 3744 404402 3743->3744 3744->3692 3745 40440a ShowWindow 3744->3745 3746 4044e5 SendMessageW 3745->3746 3746->3695 3748 40657a 17 API calls 3747->3748 3749 4044a4 SetDlgItemTextW 3748->3749 
3749->3723 3750->3727 3751->3732 3752->3734 3754 404479 3753->3754 3755 40447f SendMessageW 3753->3755 3754->3755 3755->3713 3757 4045c3 3756->3757 3758 404518 GetWindowLongW 3756->3758 3757->3692 3758->3757 3759 40452d 3758->3759 3759->3757 3760 40455a GetSysColor 3759->3760 3761 40455d 3759->3761 3760->3761 3762 404563 SetTextColor 3761->3762 3763 40456d SetBkMode 3761->3763 3762->3763 3764 404585 GetSysColor 3763->3764 3765 40458b 3763->3765 3764->3765 3766 404592 SetBkColor 3765->3766 3767 40459c 3765->3767 3766->3767 3767->3757 3768 4045b6 CreateBrushIndirect 3767->3768 3769 4045af DeleteObject 3767->3769 3768->3757 3769->3768 3770 401b9b 3771 401ba8 3770->3771 3772 401bec 3770->3772 3777 401c31 3771->3777 3778 401bbf 3771->3778 3773 401bf1 3772->3773 3774 401c16 GlobalAlloc 3772->3774 3779 40239d 3773->3779 3789 40653d lstrcpynW 3773->3789 3775 40657a 17 API calls 3774->3775 3775->3777 3776 40657a 17 API calls 3780 402397 3776->3780 3777->3776 3777->3779 3790 40653d lstrcpynW 3778->3790 3785 405b9d MessageBoxIndirectW 3780->3785 3783 401c03 GlobalFree 3783->3779 3784 401bce 3791 40653d lstrcpynW 3784->3791 3785->3779 3787 401bdd 3792 40653d lstrcpynW 3787->3792 3789->3783 3790->3784 3791->3787 3792->3779 4335 40261c 4336 402da6 17 API calls 4335->4336 4337 402623 4336->4337 4340 40602d GetFileAttributesW CreateFileW 4337->4340 4339 40262f 4340->4339 4341 40149e 4342 4014ac PostQuitMessage 4341->4342 4343 40239d 4341->4343 4342->4343 4344 40259e 4345 402de6 17 API calls 4344->4345 4346 4025a8 4345->4346 4347 402d84 17 API calls 4346->4347 4348 4025b1 4347->4348 4349 4025d9 RegEnumValueW 4348->4349 4350 4025cd RegEnumKeyW 4348->4350 4352 40292e 4348->4352 4351 4025ee RegCloseKey 4349->4351 4350->4351 4351->4352 4354 4015a3 4355 402da6 17 API calls 4354->4355 4356 4015aa SetFileAttributesW 4355->4356 4357 4015bc 4356->4357 3181 401fa4 3182 402da6 17 API calls 3181->3182 3183 401faa 3182->3183 3184 40559f 24 API calls 3183->3184 3185 401fb4 3184->3185 3196 405b20 
CreateProcessW 3185->3196 3188 40292e 3191 401fcf 3192 401fd4 3191->3192 3193 401fdf 3191->3193 3204 406484 wsprintfW 3192->3204 3195 401fdd CloseHandle 3193->3195 3195->3188 3197 405b53 CloseHandle 3196->3197 3198 401fba 3196->3198 3197->3198 3198->3188 3198->3195 3199 4069b5 WaitForSingleObject 3198->3199 3200 4069cf 3199->3200 3201 4069e1 GetExitCodeProcess 3200->3201 3205 406946 3200->3205 3201->3191 3204->3195 3206 406963 PeekMessageW 3205->3206 3207 406973 WaitForSingleObject 3206->3207 3208 406959 DispatchMessageW 3206->3208 3207->3200 3208->3206 3258 4021aa 3259 402da6 17 API calls 3258->3259 3260 4021b1 3259->3260 3261 402da6 17 API calls 3260->3261 3262 4021bb 3261->3262 3263 402da6 17 API calls 3262->3263 3264 4021c5 3263->3264 3265 402da6 17 API calls 3264->3265 3266 4021cf 3265->3266 3267 402da6 17 API calls 3266->3267 3268 4021d9 3267->3268 3269 402218 CoCreateInstance 3268->3269 3270 402da6 17 API calls 3268->3270 3273 402237 3269->3273 3270->3269 3271 401423 24 API calls 3272 4022f6 3271->3272 3273->3271 3273->3272 3274 40252a 3285 402de6 3274->3285 3277 402da6 17 API calls 3278 40253d 3277->3278 3279 402548 RegQueryValueExW 3278->3279 3284 40292e 3278->3284 3280 40256e RegCloseKey 3279->3280 3281 402568 3279->3281 3280->3284 3281->3280 3290 406484 wsprintfW 3281->3290 3286 402da6 17 API calls 3285->3286 3287 402dfd 3286->3287 3288 4063aa RegOpenKeyExW 3287->3288 3289 402534 3288->3289 3289->3277 3290->3280 4358 40202a 4359 402da6 17 API calls 4358->4359 4360 402031 4359->4360 4361 40690a 5 API calls 4360->4361 4362 402040 4361->4362 4363 40205c GlobalAlloc 4362->4363 4366 4020cc 4362->4366 4364 402070 4363->4364 4363->4366 4365 40690a 5 API calls 4364->4365 4367 402077 4365->4367 4368 40690a 5 API calls 4367->4368 4369 402081 4368->4369 4369->4366 4373 406484 wsprintfW 4369->4373 4371 4020ba 4374 406484 wsprintfW 4371->4374 4373->4371 4374->4366 4375 403baa 4376 403bb5 4375->4376 4377 403bb9 4376->4377 4378 403bbc GlobalAlloc 4376->4378 4378->4377 
3315 40352d SetErrorMode GetVersionExW 3316 4035b7 3315->3316 3317 40357f GetVersionExW 3315->3317 3318 403610 3316->3318 3319 40690a 5 API calls 3316->3319 3317->3316 3320 40689a 3 API calls 3318->3320 3319->3318 3321 403626 lstrlenA 3320->3321 3321->3318 3322 403636 3321->3322 3323 40690a 5 API calls 3322->3323 3324 40363d 3323->3324 3325 40690a 5 API calls 3324->3325 3326 403644 3325->3326 3327 40690a 5 API calls 3326->3327 3331 403650 #17 OleInitialize SHGetFileInfoW 3327->3331 3330 40369d GetCommandLineW 3406 40653d lstrcpynW 3330->3406 3405 40653d lstrcpynW 3331->3405 3333 4036af 3334 405e39 CharNextW 3333->3334 3335 4036d5 CharNextW 3334->3335 3347 4036e6 3335->3347 3336 4037e4 3337 4037f8 GetTempPathW 3336->3337 3407 4034fc 3337->3407 3339 403810 3341 403814 GetWindowsDirectoryW lstrcatW 3339->3341 3342 40386a DeleteFileW 3339->3342 3340 405e39 CharNextW 3340->3347 3343 4034fc 12 API calls 3341->3343 3417 40307d GetTickCount GetModuleFileNameW 3342->3417 3345 403830 3343->3345 3345->3342 3348 403834 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3345->3348 3346 40387d 3350 403a59 ExitProcess OleUninitialize 3346->3350 3352 403932 3346->3352 3360 405e39 CharNextW 3346->3360 3347->3336 3347->3340 3349 4037e6 3347->3349 3351 4034fc 12 API calls 3348->3351 3501 40653d lstrcpynW 3349->3501 3354 403a69 3350->3354 3355 403a7e 3350->3355 3359 403862 3351->3359 3445 403bec 3352->3445 3506 405b9d 3354->3506 3357 403a86 GetCurrentProcess OpenProcessToken 3355->3357 3358 403afc ExitProcess 3355->3358 3363 403acc 3357->3363 3364 403a9d LookupPrivilegeValueW AdjustTokenPrivileges 3357->3364 3359->3342 3359->3350 3374 40389f 3360->3374 3367 40690a 5 API calls 3363->3367 3364->3363 3365 403941 3365->3350 3370 403ad3 3367->3370 3368 403908 3371 405f14 18 API calls 3368->3371 3369 403949 3373 405b08 5 API calls 3369->3373 3372 403ae8 ExitWindowsEx 3370->3372 3376 403af5 3370->3376 3375 403914 3371->3375 3372->3358 3372->3376 3377 40394e lstrcatW 
3373->3377 3374->3368 3374->3369 3375->3350 3502 40653d lstrcpynW 3375->3502 3510 40140b 3376->3510 3378 40396a lstrcatW lstrcmpiW 3377->3378 3379 40395f lstrcatW 3377->3379 3378->3365 3381 40398a 3378->3381 3379->3378 3383 403996 3381->3383 3384 40398f 3381->3384 3387 405aeb 2 API calls 3383->3387 3386 405a6e 4 API calls 3384->3386 3385 403927 3503 40653d lstrcpynW 3385->3503 3389 403994 3386->3389 3390 40399b SetCurrentDirectoryW 3387->3390 3389->3390 3391 4039b8 3390->3391 3392 4039ad 3390->3392 3505 40653d lstrcpynW 3391->3505 3504 40653d lstrcpynW 3392->3504 3395 40657a 17 API calls 3396 4039fa DeleteFileW 3395->3396 3397 403a06 CopyFileW 3396->3397 3402 4039c5 3396->3402 3397->3402 3398 403a50 3400 4062fd 36 API calls 3398->3400 3399 4062fd 36 API calls 3399->3402 3400->3365 3401 40657a 17 API calls 3401->3402 3402->3395 3402->3398 3402->3399 3402->3401 3403 405b20 2 API calls 3402->3403 3404 403a3a CloseHandle 3402->3404 3403->3402 3404->3402 3405->3330 3406->3333 3408 4067c4 5 API calls 3407->3408 3410 403508 3408->3410 3409 403512 3409->3339 3410->3409 3411 405e0c 3 API calls 3410->3411 3412 40351a 3411->3412 3413 405aeb 2 API calls 3412->3413 3414 403520 3413->3414 3513 40605c 3414->3513 3517 40602d GetFileAttributesW CreateFileW 3417->3517 3419 4030bd 3437 4030cd 3419->3437 3518 40653d lstrcpynW 3419->3518 3421 4030e3 3422 405e58 2 API calls 3421->3422 3423 4030e9 3422->3423 3519 40653d lstrcpynW 3423->3519 3425 4030f4 GetFileSize 3426 4031ee 3425->3426 3444 40310b 3425->3444 3520 403019 3426->3520 3428 4031f7 3430 403227 GlobalAlloc 3428->3430 3428->3437 3532 4034e5 SetFilePointer 3428->3532 3429 4034cf ReadFile 3429->3444 3531 4034e5 SetFilePointer 3430->3531 3432 40325a 3434 403019 6 API calls 3432->3434 3434->3437 3435 403210 3438 4034cf ReadFile 3435->3438 3436 403242 3439 4032b4 31 API calls 3436->3439 3437->3346 3440 40321b 3438->3440 3442 40324e 3439->3442 3440->3430 3440->3437 3441 403019 6 API calls 3441->3444 3442->3437 3442->3442 3443 40328b 
SetFilePointer 3442->3443 3443->3437 3444->3426 3444->3429 3444->3432 3444->3437 3444->3441 3446 40690a 5 API calls 3445->3446 3447 403c00 3446->3447 3448 403c06 3447->3448 3449 403c18 3447->3449 3548 406484 wsprintfW 3448->3548 3450 40640b 3 API calls 3449->3450 3451 403c48 3450->3451 3453 403c67 lstrcatW 3451->3453 3455 40640b 3 API calls 3451->3455 3454 403c16 3453->3454 3533 403ec2 3454->3533 3455->3453 3458 405f14 18 API calls 3459 403c99 3458->3459 3460 403d2d 3459->3460 3462 40640b 3 API calls 3459->3462 3461 405f14 18 API calls 3460->3461 3463 403d33 3461->3463 3464 403ccb 3462->3464 3465 403d43 LoadImageW 3463->3465 3466 40657a 17 API calls 3463->3466 3464->3460 3469 403cec lstrlenW 3464->3469 3472 405e39 CharNextW 3464->3472 3467 403de9 3465->3467 3468 403d6a RegisterClassW 3465->3468 3466->3465 3471 40140b 2 API calls 3467->3471 3470 403da0 SystemParametersInfoW CreateWindowExW 3468->3470 3500 403df3 3468->3500 3473 403d20 3469->3473 3474 403cfa lstrcmpiW 3469->3474 3470->3467 3478 403def 3471->3478 3476 403ce9 3472->3476 3475 405e0c 3 API calls 3473->3475 3474->3473 3477 403d0a GetFileAttributesW 3474->3477 3480 403d26 3475->3480 3476->3469 3481 403d16 3477->3481 3479 403ec2 18 API calls 3478->3479 3478->3500 3482 403e00 3479->3482 3549 40653d lstrcpynW 3480->3549 3481->3473 3484 405e58 2 API calls 3481->3484 3485 403e0c ShowWindow 3482->3485 3486 403e8f 3482->3486 3484->3473 3488 40689a 3 API calls 3485->3488 3541 405672 OleInitialize 3486->3541 3490 403e24 3488->3490 3489 403e95 3491 403eb1 3489->3491 3492 403e99 3489->3492 3493 403e32 GetClassInfoW 3490->3493 3495 40689a 3 API calls 3490->3495 3494 40140b 2 API calls 3491->3494 3498 40140b 2 API calls 3492->3498 3492->3500 3496 403e46 GetClassInfoW RegisterClassW 3493->3496 3497 403e5c DialogBoxParamW 3493->3497 3494->3500 3495->3493 3496->3497 3499 40140b 2 API calls 3497->3499 3498->3500 3499->3500 3500->3365 3501->3337 3502->3385 3503->3352 3504->3391 3505->3402 3507 405bb2 3506->3507 3508 403a76 
ExitProcess 3507->3508 3509 405bc6 MessageBoxIndirectW 3507->3509 3509->3508 3511 401389 2 API calls 3510->3511 3512 401420 3511->3512 3512->3358 3514 406069 GetTickCount GetTempFileNameW 3513->3514 3515 40352b 3514->3515 3516 40609f 3514->3516 3515->3339 3516->3514 3516->3515 3517->3419 3518->3421 3519->3425 3521 403022 3520->3521 3522 40303a 3520->3522 3523 403032 3521->3523 3524 40302b DestroyWindow 3521->3524 3525 403042 3522->3525 3526 40304a GetTickCount 3522->3526 3523->3428 3524->3523 3527 406946 2 API calls 3525->3527 3528 403058 CreateDialogParamW ShowWindow 3526->3528 3529 40307b 3526->3529 3530 403048 3527->3530 3528->3529 3529->3428 3530->3428 3531->3436 3532->3435 3534 403ed6 3533->3534 3550 406484 wsprintfW 3534->3550 3536 403f47 3551 403f7b 3536->3551 3538 403c77 3538->3458 3539 403f4c 3539->3538 3540 40657a 17 API calls 3539->3540 3540->3539 3554 4044e5 3541->3554 3543 4056bc 3544 4044e5 SendMessageW 3543->3544 3546 4056ce OleUninitialize 3544->3546 3545 405695 3545->3543 3557 401389 3545->3557 3546->3489 3548->3454 3549->3460 3550->3536 3552 40657a 17 API calls 3551->3552 3553 403f89 SetWindowTextW 3552->3553 3553->3539 3555 4044fd 3554->3555 3556 4044ee SendMessageW 3554->3556 3555->3545 3556->3555 3559 401390 3557->3559 3558 4013fe 3558->3545 3559->3558 3560 4013cb MulDiv SendMessageW 3559->3560 3560->3559 4379 401a30 4380 402da6 17 API calls 4379->4380 4381 401a39 ExpandEnvironmentStringsW 4380->4381 4382 401a4d 4381->4382 4384 401a60 4381->4384 4383 401a52 lstrcmpW 4382->4383 4382->4384 4383->4384 4390 4023b2 4391 4023c0 4390->4391 4392 4023ba 4390->4392 4394 4023ce 4391->4394 4395 402da6 17 API calls 4391->4395 4393 402da6 17 API calls 4392->4393 4393->4391 4396 402da6 17 API calls 4394->4396 4398 4023dc 4394->4398 4395->4394 4396->4398 4397 402da6 17 API calls 4399 4023e5 WritePrivateProfileStringW 4397->4399 4398->4397 4400 402434 4401 402467 4400->4401 4402 40243c 4400->4402 4403 402da6 17 API calls 4401->4403 4404 402de6 17 API calls 
4402->4404 4405 40246e 4403->4405 4406 402443 4404->4406 4411 402e64 4405->4411 4408 402da6 17 API calls 4406->4408 4409 40247b 4406->4409 4410 402454 RegDeleteValueW RegCloseKey 4408->4410 4410->4409 4412 402e71 4411->4412 4413 402e78 4411->4413 4412->4409 4413->4412 4415 402ea9 4413->4415 4416 4063aa RegOpenKeyExW 4415->4416 4417 402ed7 4416->4417 4418 402ee7 RegEnumValueW 4417->4418 4419 402f0a 4417->4419 4426 402f81 4417->4426 4418->4419 4420 402f71 RegCloseKey 4418->4420 4419->4420 4421 402f46 RegEnumKeyW 4419->4421 4422 402f4f RegCloseKey 4419->4422 4425 402ea9 6 API calls 4419->4425 4420->4426 4421->4419 4421->4422 4423 40690a 5 API calls 4422->4423 4424 402f5f 4423->4424 4424->4426 4427 402f63 RegDeleteKeyW 4424->4427 4425->4419 4426->4412 4427->4426 4428 401735 4429 402da6 17 API calls 4428->4429 4430 40173c SearchPathW 4429->4430 4431 401757 4430->4431 4432 401d38 4433 402d84 17 API calls 4432->4433 4434 401d3f 4433->4434 4435 402d84 17 API calls 4434->4435 4436 401d4b GetDlgItem 4435->4436 4437 402638 4436->4437 4438 4014b8 4439 4014be 4438->4439 4440 401389 2 API calls 4439->4440 4441 4014c6 4440->4441 4442 40263e 4443 402652 4442->4443 4444 40266d 4442->4444 4445 402d84 17 API calls 4443->4445 4446 402672 4444->4446 4447 40269d 4444->4447 4454 402659 4445->4454 4448 402da6 17 API calls 4446->4448 4449 402da6 17 API calls 4447->4449 4451 402679 4448->4451 4450 4026a4 lstrlenW 4449->4450 4450->4454 4459 40655f WideCharToMultiByte 4451->4459 4453 40268d lstrlenA 4453->4454 4455 4026d1 4454->4455 4456 4026e7 4454->4456 4458 40610e 5 API calls 4454->4458 4455->4456 4457 4060df WriteFile 4455->4457 4457->4456 4458->4455 4459->4453

Control-flow Graph

[Graph not reproduced: control flow beginning at address 0040352D. Legend: Executed / Not Executed.]
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SetErrorMode.KERNEL32(00008001), ref: 00403550
                                                                                                                                                                                            • GetVersionExW.KERNEL32(?), ref: 00403579
                                                                                                                                                                                            • GetVersionExW.KERNEL32(0000011C), ref: 00403590
                                                                                                                                                                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
                                                                                                                                                                                            • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
                                                                                                                                                                                            • OleInitialize.OLE32(00000000), ref: 0040366A
                                                                                                                                                                                            • SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
                                                                                                                                                                                            • GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
                                                                                                                                                                                            • CharNextW.USER32(00000000,"C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid 1709547169173348,00000020,"C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid 1709547169173348,00000000), ref: 004036D6
                                                                                                                                                                                            • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
                                                                                                                                                                                            • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
                                                                                                                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
                                                                                                                                                                                            • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
                                                                                                                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
                                                                                                                                                                                            • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
                                                                                                                                                                                            • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
                                                                                                                                                                                            • DeleteFileW.KERNEL32(1033), ref: 0040386F
                                                                                                                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
                                                                                                                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965
                                                                                                                                                                                              • Part of subcall function 00405AEB: CreateDirectoryW.KERNEL32(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
                                                                                                                                                                                            • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\FAST!\Temp,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid 1709547169173348,00000000,?), ref: 0040397C
                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
                                                                                                                                                                                            • DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,?), ref: 004039FB
                                                                                                                                                                                            • CopyFileW.KERNEL32(C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,0042AA28,00000001), ref: 00403A0E
                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
                                                                                                                                                                                            • ExitProcess.KERNEL32(?), ref: 00403A59
                                                                                                                                                                                            • OleUninitialize.OLE32(?), ref: 00403A5E
                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00403A78
                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
                                                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
                                                                                                                                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
                                                                                                                                                                                            • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00403B0C
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                                                                                                                                                            • String ID: "C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe" /fcid 1709547169173348$&dsk_iosec=65997&dsk_mbsec=257&os_name=Microsoft Windows 10 Pro&os_installdate=20231003095718.000000+060&os_processes=113&os_archi$.tmp$1033$C:\Program Files (x86)\Fast!$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\FAST!\Temp$C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe$C:\Users\user\AppData\Local\Temp\$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                                                                            • API String ID: 2292928366-1973097481
                                                                                                                                                                                            • Opcode ID: 31f77c8a8b3a3ad3f5f74e486622c6887c952165384ea8b63ade3724d5224d7f
                                                                                                                                                                                            • Instruction ID: 4d4dc0a58e4858e72561def8a0259f0227da8af974c10a5ea2b310ef4b80d7a5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 31f77c8a8b3a3ad3f5f74e486622c6887c952165384ea8b63ade3724d5224d7f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 66E10670A00214AADB10AFB59D45BAF3AB8EF4470AF14847FF545B22D1DB7C8A41CB6D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            [Control-flow graph, entry block 405c49-405c6f; graph image not preserved]
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
                                                                                                                                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\*.*,\*.*), ref: 00405CBA
                                                                                                                                                                                            • lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
                                                                                                                                                                                            • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\*.*,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
                                                                                                                                                                                            • FindFirstFileW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\*.*,?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
                                                                                                                                                                                            • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00405DA2
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                                                                            • String ID: .$.$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\*.*$\*.*
                                                                                                                                                                                            • API String ID: 2035342205-407515256
                                                                                                                                                                                            • Opcode ID: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                                                                                                                            • Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
                                                                                                                                                                                            • Opcode Fuzzy Hash: 91e5555b9508150fcf6e55f7c9d4dc2ae8152fc7335161658e002f7252bbf59f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FindFirstFileW.KERNEL32(74DF3420,004302B8,C:\,00405F5D,C:\,C:\,00000000,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0040688A
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                                                                                            • String ID: C:\
                                                                                                                                                                                            • API String ID: 2295610775-3404278061
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetDlgItem.USER32(?,00000403), ref: 0040573C
                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EE), ref: 0040574B
                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00405788
                                                                                                                                                                                            • GetSystemMetrics.USER32(00000002), ref: 0040578F
                                                                                                                                                                                            • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                                                                                                                                                                                            • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                                                                                                                                                                                            • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                                                                                                                                                                                            • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                                                                                                                                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                                                                                                                                                                                            • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                                                                                                                                                                                            • ShowWindow.USER32(?,00000008), ref: 0040582B
                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EC), ref: 0040584C
                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                                                                                                                                                                                            • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                                                                                                                                                                                            • GetDlgItem.USER32(?,000003F8), ref: 0040575A
                                                                                                                                                                                              • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                            • GetDlgItem.USER32(?,000003EC), ref: 0040589E
                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_00005672,00000000), ref: 004058AC
                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 004058B3
                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 004058D7
                                                                                                                                                                                            • ShowWindow.USER32(00020462,00000008), ref: 004058DC
                                                                                                                                                                                            • ShowWindow.USER32(00000008), ref: 00405926
                                                                                                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                                                                                                                                                                                            • CreatePopupMenu.USER32 ref: 0040596B
                                                                                                                                                                                            • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 0040597F
                                                                                                                                                                                            • GetWindowRect.USER32(?,?), ref: 0040599F
                                                                                                                                                                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                                                                                                                                                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                                                                                                                                                                                            • OpenClipboard.USER32(00000000), ref: 00405A00
                                                                                                                                                                                            • EmptyClipboard.USER32 ref: 00405A06
                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                                                                                                                                                                                            • GlobalLock.KERNEL32(00000000), ref: 00405A1C
                                                                                                                                                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                                                                                                                                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                                                                                                                                                                                            • SetClipboardData.USER32(0000000D,00000000), ref: 00405A5B
                                                                                                                                                                                            • CloseClipboard.USER32 ref: 00405A61
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                                                                            • String ID: {$f
                                                                                                                                                                                            • API String ID: 590372296-2467517417
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                                                                                                                                                                                            • ShowWindow.USER32(?), ref: 00403FF6
                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                                                                                                                                                                                            • ShowWindow.USER32(?,00000004), ref: 00404021
                                                                                                                                                                                            • DestroyWindow.USER32 ref: 00404035
                                                                                                                                                                                            • SetWindowLongW.USER32(?,00000000,00000000), ref: 0040404E
                                                                                                                                                                                            • GetDlgItem.USER32(?,?), ref: 0040406D
                                                                                                                                                                                            • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                                                                                                                                                                                            • IsWindowEnabled.USER32(00000000), ref: 00404088
                                                                                                                                                                                            • GetDlgItem.USER32(?,00000001), ref: 00404133
                                                                                                                                                                                            • GetDlgItem.USER32(?,00000002), ref: 0040413D
                                                                                                                                                                                            • SetClassLongW.USER32(?,000000F2,?), ref: 00404157
                                                                                                                                                                                            • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                                                                                                                                                                                            • GetDlgItem.USER32(?,00000003), ref: 0040424E
                                                                                                                                                                                            • ShowWindow.USER32(00000000,?), ref: 0040426F
                                                                                                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00404281
                                                                                                                                                                                            • EnableWindow.USER32(?,?), ref: 0040429C
                                                                                                                                                                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                                                                                                                                                                                            • EnableMenuItem.USER32(00000000), ref: 004042B9
                                                                                                                                                                                            • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                                                                                                                                                                                            • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                                                                                                                                                                                            • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                                                                                                                                                                                            • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                                                                                                                                                                                            • ShowWindow.USER32(?,0000000A), ref: 00404456
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Window$Item$MessageSendShow$Long$EnableMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                                                                            • String ID: f
                                                                                                                                                                                            • API String ID: 121052019-3121592443
                                                                                                                                                                                            • Opcode ID: f65e638bec718107b599af9a82b264fc0764d6b1c1dffbdcb4ef221558e01a13
                                                                                                                                                                                            • Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
                                                                                                                                                                                            • Opcode Fuzzy Hash: f65e638bec718107b599af9a82b264fc0764d6b1c1dffbdcb4ef221558e01a13
                                                                                                                                                                                            • Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

[Control-flow graph, entry block 403bec-403c04; legend: Executed / Not Executed]
                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                              • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                            • lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
                                                                                                                                                                                            • lstrlenW.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files (x86)\Fast!,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,74DF3420), ref: 00403CED
                                                                                                                                                                                            • lstrcmpiW.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,C:\Program Files (x86)\Fast!,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(Remove folder: ,?,00000000,?), ref: 00403D0B
                                                                                                                                                                                            • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Program Files (x86)\Fast!), ref: 00403D54
                                                                                                                                                                                              • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                            • RegisterClassW.USER32(00433EA0), ref: 00403D91
                                                                                                                                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403DA9
                                                                                                                                                                                            • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403DDE
                                                                                                                                                                                            • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                                                                                                                                                                                            • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403E40
                                                                                                                                                                                            • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403E4D
                                                                                                                                                                                            • RegisterClassW.USER32(00433EA0), ref: 00403E56
                                                                                                                                                                                            • DialogBoxParamW.USER32(?,00000000,00403F9A,00000000), ref: 00403E75
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                            • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                                                                            • API String ID: 1975747703-2050065429
                                                                                                                                                                                            • Opcode ID: d676aef2f71fbad829aa91df8609c37157257c620a924ef9afc500929f8c8bb5
                                                                                                                                                                                            • Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
                                                                                                                                                                                            • Opcode Fuzzy Hash: d676aef2f71fbad829aa91df8609c37157257c620a924ef9afc500929f8c8bb5
                                                                                                                                                                                            • Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

[Control-flow graph, entry block 40307d-4030cb; legend: Executed / Not Executed]
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 0040308E
                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                                                                                                                                                                                              • Part of subcall function 0040602D: GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                              • Part of subcall function 0040602D: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,C:\Users\user\AppData\Local\FAST!\Temp,C:\Users\user\AppData\Local\FAST!\Temp,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\FAST!\Temp$C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe$C:\Users\user\AppData\Local\Temp\$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
                                                                                                                                                                                            • API String ID: 2803837635-1847466501
                                                                                                                                                                                            • Opcode ID: 1dea39ccc6c39406b0d997d68cfd0a58dedaebe218e2b7937ece93c5b698421c
                                                                                                                                                                                            • Instruction ID: 750c061bb954c4555836cecba7cc54c639b148d890841a972b43b12454d44aa7
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1dea39ccc6c39406b0d997d68cfd0a58dedaebe218e2b7937ece93c5b698421c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7951B571904204AFDB10AF65ED42B9E7EACAB48756F14807BF904B62D1C77C9F408B9D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(Remove folder: ,00000400), ref: 00406695
                                                                                                                                                                                            • GetWindowsDirectoryW.KERNEL32(Remove folder: ,00000400,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,00000000,00000000,00425E0F,74DF23A0), ref: 004066A8
                                                                                                                                                                                            • lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                            • lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,00000000), ref: 00406779
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Directory$SystemWindowslstrcatlstrlen
                                                                                                                                                                                            • String ID: Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$r\g
                                                                                                                                                                                            • API String ID: 4260037668-3093706245
                                                                                                                                                                                            • Opcode ID: c06be4e573324e40d3b735838f303e9f3324c9f348604da111048893f4ce4833
                                                                                                                                                                                            • Instruction ID: 685928b229c5d1fd60d609eb920d771e11fa4d776b5b66b0bad6c944a0f90ddf
                                                                                                                                                                                            • Opcode Fuzzy Hash: c06be4e573324e40d3b735838f303e9f3324c9f348604da111048893f4ce4833
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D61D131900205EADB209F64DD80BAE77A5EF54318F22813BE907B72D0D77D99A1CB5D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CountTick$wsprintf
                                                                                                                                                                                            • String ID: *B$ A$ A$... %d%%$}8@
                                                                                                                                                                                            • API String ID: 551687249-3029848762
                                                                                                                                                                                            • Opcode ID: dac142f1bd8b58d46ec5ce0932f2b3f247fbee8c78603e198082076923a37247
                                                                                                                                                                                            • Instruction ID: 54ab186c05730647c672001b6e56d135182c7b51176e178f40f708a1e84a381e
                                                                                                                                                                                            • Opcode Fuzzy Hash: dac142f1bd8b58d46ec5ce0932f2b3f247fbee8c78603e198082076923a37247
                                                                                                                                                                                            • Instruction Fuzzy Hash: E251BD31810219EBCF11DF65DA44B9E7BB8AF05756F10827BE804BB2C1D7789E44CBA9
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                                                                                            • CompareFileTime.KERNEL32(-00000014,?,get,get,00000000,00000000,get,C:\Program Files (x86)\Fast!,?,?,00000031), ref: 004017D5
                                                                                                                                                                                              • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                              • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,00000000,00425E0F,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                              • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,00000000,00425E0F,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                              • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                              • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\), ref: 0040560C
                                                                                                                                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                                                                            • String ID: C:\Program Files (x86)\Fast!$C:\Users\user\AppData\Local\FAST!\Temp\$C:\Users\user\AppData\Local\Temp\nsyDC21.tmp$get
                                                                                                                                                                                            • API String ID: 1941528284-411272644
                                                                                                                                                                                            • Opcode ID: ab293c35546dfc3782223427498d6aa4f9bfee0ec5176a09a0fb6643c1be96c6
                                                                                                                                                                                            • Instruction ID: 1e3f5e060805a06bac003644be00ba5f3fef1f2c353f2d3d357c0a6c5ca497fd
                                                                                                                                                                                            • Opcode Fuzzy Hash: ab293c35546dfc3782223427498d6aa4f9bfee0ec5176a09a0fb6643c1be96c6
                                                                                                                                                                                            • Instruction Fuzzy Hash: F4419371900108BACF11BFB5DD85DAE7A79EF45768B20423FF422B10E2D63C8A91966D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            control_flow_graph 691 40559f-4055b4 692 4055ba-4055cb 691->692 693 40566b-40566f 691->693 694 4055d6-4055e2 lstrlenW 692->694 695 4055cd-4055d1 call 40657a 692->695 697 4055e4-4055f4 lstrlenW 694->697 698 4055ff-405603 694->698 695->694 697->693 699 4055f6-4055fa lstrcatW 697->699 700 405612-405616 698->700 701 405605-40560c SetWindowTextW 698->701 699->698 702 405618-40565a SendMessageW * 3 700->702 703 40565c-40565e 700->703 701->700 702->703 703->693 704 405660-405663 703->704 704->693
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,00000000,00425E0F,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                            • lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,00000000,00425E0F,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                            • lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                            • SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\), ref: 0040560C
                                                                                                                                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                            • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                              • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                              • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,00000000), ref: 00406779
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                                                                                                                                                            • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\
                                                                                                                                                                                            • API String ID: 1495540970-2515538298
                                                                                                                                                                                            • Opcode ID: 61fc35634f83d303f4bb0fdf458391b4626c4708e393b35bd1b1a29fdfa46634
                                                                                                                                                                                            • Instruction ID: 138a2a903332092674924c4fce2a37a83712bc812e9b86ab44911e1df8857bb6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 61fc35634f83d303f4bb0fdf458391b4626c4708e393b35bd1b1a29fdfa46634
                                                                                                                                                                                            • Instruction Fuzzy Hash: C1219071900558BACF11AFA9DD84DDFBF75EF45354F14803AF904B22A0C7794A419F68
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            control_flow_graph 705 4026ec-402705 call 402d84 708 402c2a-402c2d 705->708 709 40270b-402712 705->709 710 402c33-402c39 708->710 711 402714 709->711 712 402717-40271a 709->712 711->712 713 402720-40272f call 40649d 712->713 714 40287e-402886 712->714 713->714 718 402735 713->718 714->708 719 40273b-40273f 718->719 720 4027d4-4027d7 719->720 721 402745-402760 ReadFile 719->721 723 4027d9-4027dc 720->723 724 4027ef-4027ff call 4060b0 720->724 721->714 722 402766-40276b 721->722 722->714 726 402771-40277f 722->726 723->724 727 4027de-4027e9 call 40610e 723->727 724->714 733 402801 724->733 730 402785-402797 MultiByteToWideChar 726->730 731 40283a-402846 call 406484 726->731 727->714 727->724 730->733 734 402799-40279c 730->734 731->710 736 402804-402807 733->736 737 40279e-4027a9 734->737 736->731 739 402809-40280e 736->739 737->736 740 4027ab-4027d0 SetFilePointer MultiByteToWideChar 737->740 741 402810-402815 739->741 742 40284b-40284f 739->742 740->737 743 4027d2 740->743 741->742 746 402817-40282a 741->746 744 402851-402855 742->744 745 40286c-402878 SetFilePointer 742->745 743->733 747 402857-40285b 744->747 748 40285d-40286a 744->748 745->714 746->714 749 40282c-402832 746->749 747->745 747->748 748->714 749->719 750 402838 749->750 750->714
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                                                                                                                                                            • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                                                                                                                                                              • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                                                                                                                                                                                            • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                                                                            • String ID: 9
                                                                                                                                                                                            • API String ID: 163830602-2366072709
                                                                                                                                                                                            • Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                                            • Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
                                                                                                                                                                                            • Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                                                                                                                                                                                            • Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            control_flow_graph 751 40689a-4068ba GetSystemDirectoryW 752 4068bc 751->752 753 4068be-4068c0 751->753 752->753 754 4068d1-4068d3 753->754 755 4068c2-4068cb 753->755 757 4068d4-406907 wsprintfW LoadLibraryExW 754->757 755->754 756 4068cd-4068cf 755->756 756->757
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                            • wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                                                                            • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                                                                            • API String ID: 2200240437-1946221925
                                                                                                                                                                                            • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                                            • Instruction ID: 21628a1c63ce2f140fdd4d546058f3b0ba52bdb51e88dcb335987c0e659eada7
                                                                                                                                                                                            • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                                                                                            • Instruction Fuzzy Hash: D0F0F671511119ABDB10BB64DD0DF9B376CBF00305F10847AA646F10D0EB7CDA68CBA8
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            control_flow_graph 758 402950-402969 call 402da6 call 405e83 763 402972-40298b call 406008 call 40602d 758->763 764 40296b-40296d call 402da6 758->764 770 402991-40299a 763->770 771 402a3b-402a40 763->771 764->763 772 4029a0-4029b7 GlobalAlloc 770->772 773 402a23-402a2b call 4032b4 770->773 774 402a42-402a4e DeleteFileW 771->774 775 402a55 771->775 772->773 776 4029b9-4029d6 call 4034e5 call 4034cf GlobalAlloc 772->776 779 402a30-402a35 CloseHandle 773->779 774->775 783 4029d8-4029e0 call 4032b4 776->783 784 402a0c-402a13 call 4060df 776->784 779->771 787 4029e5 783->787 788 402a18-402a1f GlobalFree 784->788 789 4029ff-402a01 787->789 788->773 790 402a03-402a06 GlobalFree 789->790 791 4029e7-4029fc call 405fe8 789->791 790->784 791->789
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 00402A06
                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00402A19
                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2667972263-0
                                                                                                                                                                                            • Opcode ID: 1e4de5253702851df6d0b6f642b82d6f2ecc2e1b33ad35e1f152e248e008f3c4
                                                                                                                                                                                            • Instruction ID: 8fc1a79e9ee36ebd610a2d663d7387b5f1fea8f48d7bc9e01940cd119f3fb53c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e4de5253702851df6d0b6f642b82d6f2ecc2e1b33ad35e1f152e248e008f3c4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5831C271D00124BBCF216FA9CE49DDEBE79AF49364F14023AF450762E0CB794C429BA8
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            control_flow_graph 794 405a6e-405ab9 CreateDirectoryW 795 405abb-405abd 794->795 796 405abf-405acc GetLastError 794->796 797 405ae6-405ae8 795->797 796->797 798 405ace-405ae2 SetFileSecurityW 796->798 798->795 799 405ae4 GetLastError 798->799 799->797
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00405AC5
                                                                                                                                                                                            • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00405AE4
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                            • API String ID: 3449924974-3081826266
                                                                                                                                                                                            • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                            • Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            control_flow_graph 800 401c43-401c63 call 402d84 * 2 805 401c65-401c6c call 402da6 800->805 806 401c6f-401c73 800->806 805->806 808 401c75-401c7c call 402da6 806->808 809 401c7f-401c85 806->809 808->809 812 401cd3-401cfd call 402da6 * 2 FindWindowExW 809->812 813 401c87-401ca3 call 402d84 * 2 809->813 823 401d03 812->823 824 401cc3-401cd1 SendMessageW 813->824 825 401ca5-401cc1 SendMessageTimeoutW 813->825 826 401d06-401d09 823->826 824->823 825->826 827 402c2a-402c39 826->827 828 401d0f 826->828 828->827
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend$Timeout
                                                                                                                                                                                            • String ID: !
                                                                                                                                                                                            • API String ID: 1777923405-2657877971
                                                                                                                                                                                            • Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                                            • Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
                                                                                                                                                                                            • Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                                                                                                                                                                                            • Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsyDC21.tmp,00000023,00000011,00000002), ref: 004024D5
                                                                                                                                                                                            • RegSetValueExW.KERNEL32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsyDC21.tmp,00000000,00000011,00000002), ref: 00402515
                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsyDC21.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseValuelstrlen
                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp
                                                                                                                                                                                            • API String ID: 2655323295-160519699
                                                                                                                                                                                            • Opcode ID: eb1a2893963f699a3576f9d9343ac39c609614edfb45ea7287c3b3745176a0f7
                                                                                                                                                                                            • Instruction ID: a32c4fc66ba480c3aafb49ec1434dbeb720bd0d2787204a1d049ba7b64bbfaa1
                                                                                                                                                                                            • Opcode Fuzzy Hash: eb1a2893963f699a3576f9d9343ac39c609614edfb45ea7287c3b3745176a0f7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8B118E71E00119BEEF10AFA5DE49EAEBAB8FF44358F15443AF504F61C1D7B88D40AA58
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                                                                                                                                                                                              • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                              • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                              • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                            • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                                                                            • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                            • API String ID: 3248276644-3049482934
                                                                                                                                                                                            • Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                                            • Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
                                                                                                                                                                                            • Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                                                                                                                                                                                            • Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 0040607A
                                                                                                                                                                                            • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CountFileNameTempTick
                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                                                                            • API String ID: 1716503409-678247507
                                                                                                                                                                                            • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                                                                                            • Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                                                                                            • Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00405EB7: CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                              • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                              • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                                                                              • Part of subcall function 00405A6E: CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                                                                                                                                                                                            • SetCurrentDirectoryW.KERNEL32(?,C:\Program Files (x86)\Fast!,?,00000000,000000F0), ref: 0040164D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • C:\Program Files (x86)\Fast!, xrefs: 00401640
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                                                                            • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                            • API String ID: 1892508949-1788482285
                                                                                                                                                                                            • Opcode ID: e89a9e6a3f09ade376d0d4b3fd71c203f5cd3ef8be9bd613e1140dffb9deb40c
                                                                                                                                                                                            • Instruction ID: 910f9ca0e916fbda017ea5bccd1daba2d9720f9cae8b5c5670dceb894c5ef12e
                                                                                                                                                                                            • Opcode Fuzzy Hash: e89a9e6a3f09ade376d0d4b3fd71c203f5cd3ef8be9bd613e1140dffb9deb40c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E11D031504110EBCF216FA5CD4099F36A0EF25369B28493BE945B52F1DA3E4A829A8E
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RegQueryValueExW.KERNEL32(?,?,00000000,00000000,?,00000800,00000000,?,00000000,?,?,Remove folder: ,?,?,00406672,80000002), ref: 00406451
                                                                                                                                                                                            • RegCloseKey.KERNEL32(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\), ref: 0040645C
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseQueryValue
                                                                                                                                                                                            • String ID: Remove folder:
                                                                                                                                                                                            • API String ID: 3356406503-1958208860
                                                                                                                                                                                            • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                                                                                            • Instruction ID: a8d415a3dc4e4479eaaa65942f717852bb8bd3539c12dad3b2e52d491ce509ba
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                                                                                            • Instruction Fuzzy Hash: FB017C72510209AADF21CF51CC09EDB3BB8FB54364F01803AFD5AA6190D738D968DBA8
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,74DF3420,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
                                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 00403B78
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Free$GlobalLibrary
                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                            • API String ID: 1100898210-3081826266
                                                                                                                                                                                            • Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                                                                                            • Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                                                                                            • Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,000000F0), ref: 00402103
                                                                                                                                                                                              • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,00000000,00425E0F,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                              • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,00000000,00425E0F,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                              • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                              • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\), ref: 0040560C
                                                                                                                                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402114
                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402191
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 334405425-0
                                                                                                                                                                                            • Opcode ID: 0812a69665cf11e377adb3684f8a171474585e26745252b9346dd4e1bc3f05c7
                                                                                                                                                                                            • Instruction ID: d1cf9917c249e547a3b1759614bc69e8b445b1996c4dbd71fd6f6dd46acd7470
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0812a69665cf11e377adb3684f8a171474585e26745252b9346dd4e1bc3f05c7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A21C231904104FACF11AFA5CE48A9D7A71BF48358F20413BF605B91E1DBBD8A82965D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GlobalFree.KERNELBASE(031A16C0), ref: 00401C0B
                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,00000804), ref: 00401C1D
                                                                                                                                                                                              • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                              • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,00000000), ref: 00406779
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Global$AllocFreelstrcatlstrlen
                                                                                                                                                                                            • String ID: get
                                                                                                                                                                                            • API String ID: 3292104215-4248514160
                                                                                                                                                                                            • Opcode ID: cecd7903579db09396e99fcb4041446ac8fea00c0e28d0f13f956e9ee607e8f0
                                                                                                                                                                                            • Instruction ID: 7c0f58a685d1fc6dd3685da305ee1819882fb4420ac17dc2787245939102450a
                                                                                                                                                                                            • Opcode Fuzzy Hash: cecd7903579db09396e99fcb4041446ac8fea00c0e28d0f13f956e9ee607e8f0
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B21D872904210EBDB20AFA8EE84A5E73B4EB04715755063BF552F72D0D7B8AC414B9D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00406008: GetFileAttributesW.KERNEL32(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                              • Part of subcall function 00406008: SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                                                                                                                            • RemoveDirectoryW.KERNEL32(?,?,?,00000000,00405DE3), ref: 00405C1C
                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,?,?,00000000,00405DE3), ref: 00405C24
                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405C3C
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1655745494-0
                                                                                                                                                                                            • Opcode ID: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                                                                                            • Instruction ID: 0274c5225d47ddc366315f3a2fda4b694ad97aa72442a0e2fcdbaf00fd257d87
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                                                                                            • Instruction Fuzzy Hash: F4E0E53110CF9156E61457309E08F5F2AD8EF86715F05493EF892B10C0CBB848068E6A
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • C:\Program Files (x86)\Fast!, xrefs: 00402269
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CreateInstance
                                                                                                                                                                                            • String ID: C:\Program Files (x86)\Fast!
                                                                                                                                                                                            • API String ID: 542301482-1788482285
                                                                                                                                                                                            • Opcode ID: f0c7f0c58da5b2556a219b4126ec8a5e6c03aa9de5f34d462473648d541e39b0
                                                                                                                                                                                            • Instruction ID: 5977cb51530078b600b156af0050786de557c4b464dd586e6a5beaa7a0440451
                                                                                                                                                                                            • Opcode Fuzzy Hash: f0c7f0c58da5b2556a219b4126ec8a5e6c03aa9de5f34d462473648d541e39b0
                                                                                                                                                                                            • Instruction Fuzzy Hash: A7411571A00208EFCF40DFE4C989E9D7BB5BF49348B20456AF905EB2D1DB799981CB94
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 0040255B
                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsyDC21.tmp,00000000,00000011,00000002), ref: 004025FD
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseQueryValue
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3356406503-0
                                                                                                                                                                                            • Opcode ID: f0203ba3881819d7b9bb9119f6d82b13770a830527b7165a928350ff739dcab4
                                                                                                                                                                                            • Instruction ID: 3e5dab0bbcc9b7b4348569693e39c51bc0b27c59e8ea0ed6abb05ebc10b9b344
                                                                                                                                                                                            • Opcode Fuzzy Hash: f0203ba3881819d7b9bb9119f6d82b13770a830527b7165a928350ff739dcab4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F116D71900219EADF14DFA4DA589AE77B4FF04345B20443BE401B62C0E7B88A45EB5D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                                                                            • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                            • Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                                                                                            • Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
                                                                                                                                                                                            • Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • OleInitialize.OLE32(00000000), ref: 00405682
                                                                                                                                                                                              • Part of subcall function 004044E5: SendMessageW.USER32(0002044A,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                            • OleUninitialize.OLE32(00000404,00000000,?,00000000,?), ref: 004056CE
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: InitializeMessageSendUninitialize
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2896919175-0
                                                                                                                                                                                            • Opcode ID: 373f90d4a1babe4f1a04baa381ba9309e44634cfc63d647d34b32aa976a59a0d
                                                                                                                                                                                            • Instruction ID: 6be4ff692d487ef8b3e25caebddd25c5d55207980f196ef2193ccf2f8785d180
                                                                                                                                                                                            • Opcode Fuzzy Hash: 373f90d4a1babe4f1a04baa381ba9309e44634cfc63d647d34b32aa976a59a0d
                                                                                                                                                                                            • Instruction Fuzzy Hash: B3F0F0765006009AE6115B95A901BA677A8EBD4316F49883AEF88632E0CB365C418A1C
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                                                                                            • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Window$EnableShow
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1136574915-0
                                                                                                                                                                                            • Opcode ID: 5ade1ed26a80a7dd8760c06c43378076533002221f41e68569be4ee1dd8de31a
                                                                                                                                                                                            • Instruction ID: ff95e9915c8c9942b49c08d49a5710ecdabad47c7be9b03b7ba0a01474a23479
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5ade1ed26a80a7dd8760c06c43378076533002221f41e68569be4ee1dd8de31a
                                                                                                                                                                                            • Instruction Fuzzy Hash: E7E04872908211CFE705EBA4EE495AD77F4EF40325710497FE501F11D1DBB55D00965D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseCreateHandleProcess
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3712363035-0
                                                                                                                                                                                            • Opcode ID: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                                                                                                                                            • Instruction ID: 0547baa0b497a95b6ed0e8f273b1969b1ac2c9598ef2001c301bcde660c6e2d6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3EE092B4600209BFEB10AB64AE49F7B7AACEB04704F004565BA51E61A1DB78E8158A78
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                                                                                                                                                                                              • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                                                                                                                                                                                              • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                                                                                                                                                                                              • Part of subcall function 0040689A: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406900
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2547128583-0
                                                                                                                                                                                            • Opcode ID: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                                                                                                                            • Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                            • CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$AttributesCreate
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 415043291-0
                                                                                                                                                                                            • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                                            • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                                                                                                                                                            • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetFileAttributesW.KERNEL32(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                                                                                                                                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3188754299-0
                                                                                                                                                                                            • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                            • Instruction ID: c979a2e86073268fb5c10017c0603d576bb262e7e1663e1e1b2ee048d1a5e24b
                                                                                                                                                                                            • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                                                                                            • Instruction Fuzzy Hash: 34D012725041316FC2102728EF0C89BBF55EF643717014B35F9A5A22F0CB304C638A98
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CloseHandle.KERNEL32(FFFFFFFF,00403A5E,?), ref: 00403B1D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\, xrefs: 00403B31
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseHandle
                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\
                                                                                                                                                                                            • API String ID: 2962429428-879239898
                                                                                                                                                                                            • Opcode ID: e86ec88962d2cddd060eb64ec5e150871475ae72b9f2b14f7d4b77a190cc5563
                                                                                                                                                                                            • Instruction ID: 74b342ff74dc5917d60848dc34610585f5de2c5243f802b65b47dd8438b48b4d
                                                                                                                                                                                            • Opcode Fuzzy Hash: e86ec88962d2cddd060eb64ec5e150871475ae72b9f2b14f7d4b77a190cc5563
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5EC0123050470056D1646F749E4FE153B64AB4073EB600325B0F9B10F1CB3C5759895D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00405AFF
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CreateDirectoryErrorLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1375471231-0
                                                                                                                                                                                            • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                            • Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
                                                                                                                                                                                            • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RegCreateKeyExW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402E57,00000000,?,?), ref: 00406401
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Create
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2289755597-0
                                                                                                                                                                                            • Opcode ID: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                                            • Instruction ID: ccab944935cfefb85f0e849ce69279fb55db75a3b7fb0960311cd9d36817041a
                                                                                                                                                                                            • Opcode Fuzzy Hash: f0170b29b94a961cdf0cc122a920c286c7e5b726b195fdee8f598fb45efbb6e4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 04E0E6B2010109BFEF095F90DC0AD7B3B1DE704300F01892EFD06D4091E6B5AD306675
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,0041EA20,000000FF,0041EA20,000000FF,000000FF,00000004,00000000), ref: 004060F3
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileWrite
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3934441357-0
                                                                                                                                                                                            • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                            • Instruction ID: d8d859634201a592f38c73999a999f352708a9e59580de02994c407fa40ca669
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                                                                                            • Instruction Fuzzy Hash: FAE08C3220026AABEF109E60DC04AEB3B6CFB00360F014837FA16E7081E270E93087A4
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileRead
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2738559852-0
                                                                                                                                                                                            • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                            • Instruction ID: 1583d2e05e1cff28e3594e7db3f0db2d88eef65457287744bb544c492d9958e5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                                                                                            • Instruction Fuzzy Hash: AEE0EC322502AAABDF10AE65DC04AEB7B6CEB05361F018936FD16E6150E631E92197A4
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RegOpenKeyExW.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,00406438,?,00000000,?,?,Remove folder: ,?), ref: 004063CE
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Open
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 71445658-0
                                                                                                                                                                                            • Opcode ID: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                            • Instruction ID: 4361357c0318622cec318f667d88df30c4c29b75262f7bca7234b06b46464da2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 759d75b29ffd137612e455953a298f0698f5beae901813cd77d6ec234b014f3e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 83D0123210020EBBDF115F91AD01FAB3B5DAB08310F014426FE06E40A1D775D530A764
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • MoveFileExW.KERNEL32(?,?,00000005,00405DFB,?,00000000,000000F1,?,?,?,?,?), ref: 00406307
                                                                                                                                                                                              • Part of subcall function 00406183: CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                                                                                                                                              • Part of subcall function 00406183: GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                                                                                                                                              • Part of subcall function 00406183: GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                                                                                                                                              • Part of subcall function 00406183: wsprintfA.USER32 ref: 00406202
                                                                                                                                                                                              • Part of subcall function 00406183: GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                                                                                                                                              • Part of subcall function 00406183: GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                                                                                                                                              • Part of subcall function 00406183: lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                                                                                                                                              • Part of subcall function 00406183: SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$NamePathShort$AllocCloseGlobalHandleMovePointerSizelstrcpywsprintf
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1930046112-0
                                                                                                                                                                                            • Opcode ID: 8f53434626867040aeaf300899a332654148b257c03f208a35692daf52d65ed0
                                                                                                                                                                                            • Instruction ID: 786f9f27e87e5c9ea407ae46cb6f26f26cce76303f9e9442b57226035b255668
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8f53434626867040aeaf300899a332654148b257c03f208a35692daf52d65ed0
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4AD05232108201BECA011B40ED04A0ABBA2EB84316F11842EF599A40B0EB3280219B09
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                              • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,00000000), ref: 00406779
                                                                                                                                                                                            • SetDlgItemTextW.USER32(?,?,00000000), ref: 004044B3
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ItemTextlstrcatlstrlen
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 281422827-0
                                                                                                                                                                                            • Opcode ID: 90e9d348aac44dd859050291e9807f2f15480ffb268b4e012463b180631e3b26
                                                                                                                                                                                            • Instruction ID: 6ac98b26730712a62f5b3967fa7f39b4c61dbbfa6ef1674fce18da22a1fc1fc0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 90e9d348aac44dd859050291e9807f2f15480ffb268b4e012463b180631e3b26
                                                                                                                                                                                            • Instruction Fuzzy Hash: D3C08C35008200BFD641A714EC42F0FB7A8FFA031AF00C42EB05CA10D1C63494208A2A
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SendMessageW.USER32(0002044A,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                            • Opcode ID: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                                                                                            • Instruction ID: 729772cd993a62bf3dcd5a53f5ba0c6067f9c4589e443fe2cdcdd0dddf41cb53
                                                                                                                                                                                            • Opcode Fuzzy Hash: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                                                                                            • Instruction Fuzzy Hash: 74C04CB1740605BADA108B509D45F0677546750701F188429B641A50E0CA74E410D62C
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ShellExecuteExW.SHELL32(?), ref: 00405B72
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExecuteShell
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 587946157-0
                                                                                                                                                                                            • Opcode ID: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
                                                                                                                                                                                            • Instruction ID: 155326c85e208380d9db810c36285a9e1b4200be200639c8195ffcf147e959ee
                                                                                                                                                                                            • Opcode Fuzzy Hash: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
                                                                                                                                                                                            • Instruction Fuzzy Hash: BEC092B2000200EFE301CF80CB09F067BE8AF54306F028068E185DA060C7788840CB29
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                            • Opcode ID: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                                                                                            • Instruction ID: f9270ce27bc2d5d500308faa7c43699bdd9cec228278350af1c7ef3a72e6c056
                                                                                                                                                                                            • Opcode Fuzzy Hash: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4FB01235181A00FBDE514B00DE09F857E62F7E4701F058038F341240F0CBB200A4DB08
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FilePointer
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 973152223-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • KiUserCallbackDispatcher.NTDLL(?,00404292), ref: 004044C5
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CallbackDispatcherUser
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2492992576-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 0040559F: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,00000000,00425E0F,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                                                                                                                                                                                              • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,00000000,00425E0F,74DF23A0,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                                                                                                                                                                                              • Part of subcall function 0040559F: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,00403418), ref: 004055FA
                                                                                                                                                                                              • Part of subcall function 0040559F: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\), ref: 0040560C
                                                                                                                                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                                                                                                                                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                                                                                                                                                                                              • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                                                                                                                                                                                              • Part of subcall function 00405B20: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,00000000,00000000), ref: 00405B49
                                                                                                                                                                                              • Part of subcall function 00405B20: CloseHandle.KERNEL32(?), ref: 00405B56
                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                                                                                              • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                                                                                                                                                                                              • Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32(?,?), ref: 004069E8
                                                                                                                                                                                              • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2972824698-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Sleep
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetDlgItem.USER32(?,000003F9), ref: 00404F1E
                                                                                                                                                                                            • GetDlgItem.USER32(?,00000408), ref: 00404F29
                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                                                                                                                                                                                            • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404F8A
                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000FC,00405513), ref: 00404FA3
                                                                                                                                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                                                                                                                                                                                            • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                                                                                                                                                                                            • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                                                                                                                                                                                            • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                                                                                                                                                                                            • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00405000
                                                                                                                                                                                            • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                                                                                                                                                                                            • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                                                                                                                                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                                                                                                                                                                                            • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                                                                                                                                                                                              • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                                                                                                                                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                                                                                                                                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405152
                                                                                                                                                                                            • ShowWindow.USER32(?,00000005), ref: 00405162
                                                                                                                                                                                            • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                                                                                                                                                                                            • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                                                                                                                                                                                            • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                                                                                                                                                                                            • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                                                                                                                                                                                            • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                                                                                                                                                                                            • ImageList_Destroy.COMCTL32(?), ref: 00405330
                                                                                                                                                                                            • GlobalFree.KERNEL32(?), ref: 00405340
                                                                                                                                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                                                                                                                                                                                            • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                                                                                                                                                                                            • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                                                                                                                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                                                                                                                                                                                            • ShowWindow.USER32(?,00000000), ref: 004054EA
                                                                                                                                                                                            • GetDlgItem.USER32(?,000003FE), ref: 004054F5
                                                                                                                                                                                            • ShowWindow.USER32(00000000), ref: 004054FC
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                                                                            • String ID: $M$N$r\g
                                                                                                                                                                                            • API String ID: 2564846305-4196085220
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E8), ref: 0040470A
                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                                                                                                                                                                                            • GetSysColor.USER32(?), ref: 00404738
                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                                                                                                                                                                                            • lstrlenW.KERNEL32(?), ref: 00404759
                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                                                                                                                                                                                            • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                                                                                                                                                                                            • GetDlgItem.USER32(?,0000040A), ref: 004047D4
                                                                                                                                                                                            • SendMessageW.USER32(00000000), ref: 004047DB
                                                                                                                                                                                            • GetDlgItem.USER32(?,000003E8), ref: 00404806
                                                                                                                                                                                            • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                                                                                                                                                                                            • SetCursor.USER32(00000000), ref: 0040485A
                                                                                                                                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                                                                                                                                                                                            • SetCursor.USER32(00000000), ref: 00404876
                                                                                                                                                                                            • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                                                                                                                                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                                                                            • String ID: N$Remove folder: $r\g$f
                                                                                                                                                                                            • API String ID: 3103080414-1257271236
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetDlgItem.USER32(?,000003FB), ref: 004049D9
                                                                                                                                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00404A03
                                                                                                                                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                                                                                                                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                                                                                                                                                                                            • lstrcmpiW.KERNEL32(Remove folder: ,0042D268,00000000,?,?), ref: 00404AF1
                                                                                                                                                                                            • lstrcatW.KERNEL32(?,Remove folder: ), ref: 00404AFD
                                                                                                                                                                                            • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404B0F
                                                                                                                                                                                              • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                                                                                                                                                                                              • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                              • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                              • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                              • Part of subcall function 004067C4: CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                            • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
                                                                                                                                                                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                                                                                                                                                                                              • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                              • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                              • Part of subcall function 00404D46: SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                                                                            • String ID: A$C:\Program Files (x86)\Fast!$Remove folder: $r\g$f
                                                                                                                                                                                            • API String ID: 2624150263-1505874862
                                                                                                                                                                                            • Opcode ID: fab986b41fe51bcb83dfe55d65232c7215597a26c5e3df290e301c6af6088bb7
                                                                                                                                                                                            • Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
                                                                                                                                                                                            • Opcode Fuzzy Hash: fab986b41fe51bcb83dfe55d65232c7215597a26c5e3df290e301c6af6088bb7
                                                                                                                                                                                            • Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                                                                            • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                                                                            • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                                                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                                                                            • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                                                                            • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                                                                            • String ID: F
                                                                                                                                                                                            • API String ID: 941294808-1304234792
                                                                                                                                                                                            • Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                                                                                            • Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
                                                                                                                                                                                            • Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                                                                                                                                                                                            • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004061C7
                                                                                                                                                                                              • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                              • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                            • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004061E4
                                                                                                                                                                                            • wsprintfA.USER32 ref: 00406202
                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                                                                                                                                                                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                                                                                                                                                                                            • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 004062EB
                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                                                                                                                                                                                              • Part of subcall function 0040602D: GetFileAttributesW.KERNEL32(00000003,004030BD,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                                                                                                                                                                                              • Part of subcall function 0040602D: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                                                                            • String ID: %ls=%ls$[Rename]
                                                                                                                                                                                            • API String ID: 2171350718-461813615
                                                                                                                                                                                            • Opcode ID: 8d52cae6b0df5babf044fe540a8f61f10365d92318d6db6e700b5564579bcd37
                                                                                                                                                                                            • Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d52cae6b0df5babf044fe540a8f61f10365d92318d6db6e700b5564579bcd37
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                                                                                                                                                                                            • GetSysColor.USER32(00000000), ref: 0040455B
                                                                                                                                                                                            • SetTextColor.GDI32(?,00000000), ref: 00404567
                                                                                                                                                                                            • SetBkMode.GDI32(?,?), ref: 00404573
                                                                                                                                                                                            • GetSysColor.USER32(?), ref: 00404586
                                                                                                                                                                                            • SetBkColor.GDI32(?,?), ref: 00404596
                                                                                                                                                                                            • DeleteObject.GDI32(?), ref: 004045B0
                                                                                                                                                                                            • CreateBrushIndirect.GDI32(?), ref: 004045BA
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2320649405-0
                                                                                                                                                                                            • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                            • Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
                                                                                                                                                                                            • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CharNextW.USER32(?,*?|<>/":,00000000,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                                                                                                                                                                                            • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                                                                                                                                                                                            • CharNextW.USER32(?,00000000,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                                                                                                                                                                                            • CharPrevW.USER32(?,?,74DF3420,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Char$Next$Prev
                                                                                                                                                                                            • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                            • API String ID: 589700163-4010320282
                                                                                                                                                                                            • Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                                                                                            • Instruction ID: 8e05d213a2b26a47bd0c986db1e6a85e10b5e067f284fb5e9645f7af11a9ce3c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7311862780161295DB313B158C44A77A2A8AF58798F56843FED86B32C1E77C8C9282AD
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                                                                                                                                                                                            • GetMessagePos.USER32 ref: 00404E77
                                                                                                                                                                                            • ScreenToClient.USER32(?,?), ref: 00404E91
                                                                                                                                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                                                                                                                                                                                            • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message$Send$ClientScreen
                                                                                                                                                                                            • String ID: f
                                                                                                                                                                                            • API String ID: 41195575-1993550816
                                                                                                                                                                                            • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                            • Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
                                                                                                                                                                                            • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetDC.USER32(?), ref: 00401E51
                                                                                                                                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                                                                                            • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                                                                                            • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                                                                                              • Part of subcall function 0040657A: lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                                                                                                                                                                                              • Part of subcall function 0040657A: lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,?,004055D6,Remove folder: C:\Users\user\AppData\Local\Temp\nsyDC21.tmp\,00000000), ref: 00406779
                                                                                                                                                                                            • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                                                                                                                                                            • String ID: MS Shell Dlg
                                                                                                                                                                                            • API String ID: 2584051700-76309092
                                                                                                                                                                                            • Opcode ID: 0465d2832808ea9d6fff4b9245e4cab849096788d5b9b76ed02900a81bf07427
                                                                                                                                                                                            • Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0465d2832808ea9d6fff4b9245e4cab849096788d5b9b76ed02900a81bf07427
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                                                                                                                                                            • MulDiv.KERNEL32(07CF3DC5,00000064,07CF6B30), ref: 00402FDC
                                                                                                                                                                                            • wsprintfW.USER32 ref: 00402FEC
                                                                                                                                                                                            • SetWindowTextW.USER32(?,?), ref: 00402FFC
                                                                                                                                                                                            • SetDlgItemTextW.USER32(?,00000406,?), ref: 0040300E
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • verifying installer: %d%%, xrefs: 00402FE6
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                                                                            • String ID: verifying installer: %d%%
                                                                                                                                                                                            • API String ID: 1451636040-82062127
                                                                                                                                                                                            • Opcode ID: 34baaeb4f482044ab67dd7918236f7f229881b82dd6befd7adca30260b95ec65
                                                                                                                                                                                            • Instruction ID: eb17ebabde20c32bd565f0ca98bf5c3c7f8a04474e671541d9d17dad0456e96b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 34baaeb4f482044ab67dd7918236f7f229881b82dd6befd7adca30260b95ec65
                                                                                                                                                                                            • Instruction Fuzzy Hash: 20014B7064020DABEF209F60DE4AFEA3B79FB04345F008039FA06B51D0DBB999559F69
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                                                                                                                                                            • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                                                                                                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseEnum$DeleteValue
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1354259210-0
                                                                                                                                                                                            • Opcode ID: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
                                                                                                                                                                                            • Instruction ID: ca6229ec891c5908b4c2d3bab14ae3db7b9396451d72a40731f1c02386a45f13
                                                                                                                                                                                            • Opcode Fuzzy Hash: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
                                                                                                                                                                                            • Instruction Fuzzy Hash: DA215A7150010ABBEF119F90CE89EEF7B7DEB50384F100076F909B21A0D7B49E54AA68
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                                                                                            • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                                                                                            • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                                                                                            • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1849352358-0
                                                                                                                                                                                            • Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                                                                                            • Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                                                                                                                                                                                            • wsprintfW.USER32 ref: 00404DF0
                                                                                                                                                                                            • SetDlgItemTextW.USER32(?,0042D268), ref: 00404E03
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ItemTextlstrlenwsprintf
                                                                                                                                                                                            • String ID: %u.%u%s%s
                                                                                                                                                                                            • API String ID: 3540041739-3551169577
                                                                                                                                                                                            • Opcode ID: ef5a487acd93c416279d422af54232d8d0333c49029b07dfc4f1175e68c26d0a
                                                                                                                                                                                            • Instruction ID: d7f2b51e3f2153b105aad6c1cbcae815e44f670c765de83d30fbb221df5484fa
                                                                                                                                                                                            • Opcode Fuzzy Hash: ef5a487acd93c416279d422af54232d8d0333c49029b07dfc4f1175e68c26d0a
                                                                                                                                                                                            • Instruction Fuzzy Hash: AC11D573A041283BDB10656DAC45E9E369CAF81334F254237FA66F21D1EA78D91182E8
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CharNextW.USER32(?,?,C:\,?,00405F2B,C:\,C:\,74DF3420,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,74DF3420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                                                                                                                                                                                            • CharNextW.USER32(00000000), ref: 00405ECA
                                                                                                                                                                                            • CharNextW.USER32(00000000), ref: 00405EE2
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CharNext
                                                                                                                                                                                            • String ID: C:\
                                                                                                                                                                                            • API String ID: 3213498283-3404278061
                                                                                                                                                                                            • Opcode ID: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                                                                                            • Instruction ID: b7f7aa27055ddc775a1b47344aef2f77b81fec2ea34db2f3ccdabfa21b6bce3d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 389604e099afbb0f1c733809242fd9884b65eb47018f1a61235cb76474637dc7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7BF0F631810E1296DB317B548C44E7B97BCEB64354B04843BD741B71C0D3BC8D808BDA
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
                                                                                                                                                                                            • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
                                                                                                                                                                                            • lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CharPrevlstrcatlstrlen
                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                                                                            • API String ID: 2659869361-3081826266
                                                                                                                                                                                            • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                            • Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                                                                                                                                                            • Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\FAST!\Temp\), ref: 00402695
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: lstrlen
                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\FAST!\Temp\$C:\Users\user\AppData\Local\Temp\nsyDC21.tmp
                                                                                                                                                                                            • API String ID: 1659193697-110998952
                                                                                                                                                                                            • Opcode ID: 00933c64229d8af25222ad9bfa8c1bb017ce3e6fae46a45fef74913abf3a9e56
                                                                                                                                                                                            • Instruction ID: edf8e5a6553ae7ef136857fb61bcac29e22bbc78049b19fa22ca3c34260198f3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 00933c64229d8af25222ad9bfa8c1bb017ce3e6fae46a45fef74913abf3a9e56
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2611EB71A00215BBCB10BFB18E4AAAE7665AF40744F25443FE002B71C2EAFC8891565E
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • DestroyWindow.USER32(00000000,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 0040304A
                                                                                                                                                                                            • CreateDialogParamW.USER32(0000006F,00000000,00402F93,00000000), ref: 00403067
                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2102729457-0
                                                                                                                                                                                            • Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                                                                                            • Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
                                                                                                                                                                                            • Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                                                                                                                                                                                            • Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • IsWindowVisible.USER32(?), ref: 00405542
                                                                                                                                                                                            • CallWindowProcW.USER32(?,?,?,?), ref: 00405593
                                                                                                                                                                                              • Part of subcall function 004044E5: SendMessageW.USER32(0002044A,00000000,00000000,00000000), ref: 004044F7
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Window$CallMessageProcSendVisible
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3748168415-3916222277
                                                                                                                                                                                            • Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                                                                                            • Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                                                                                                                                                                                            • Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • lstrlenW.KERNEL32(80000000,C:\Users\user\AppData\Local\FAST!\Temp,004030E9,C:\Users\user\AppData\Local\FAST!\Temp,C:\Users\user\AppData\Local\FAST!\Temp,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00405E5E
                                                                                                                                                                                            • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\AppData\Local\FAST!\Temp,004030E9,C:\Users\user\AppData\Local\FAST!\Temp,C:\Users\user\AppData\Local\FAST!\Temp,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,C:\Users\user\AppData\Local\FAST!\Temp\SetupEngine.exe,80000000,00000003), ref: 00405E6E
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • C:\Users\user\AppData\Local\FAST!\Temp, xrefs: 00405E58
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CharPrevlstrlen
                                                                                                                                                                                            • String ID: C:\Users\user\AppData\Local\FAST!\Temp
                                                                                                                                                                                            • API String ID: 2709904686-1915228259
                                                                                                                                                                                            • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                            • Instruction ID: d2786f61c86b799b8b6ecf14661ff9643eaf9d362a95097130d0805b1e4d2bc4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                                                                                                                                                            • Instruction Fuzzy Hash: 36D0A7B3410D20DAC3126718DC04DAF73ECFF6134074A442AF481A71A4D7785E8186ED
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                                                                                                                                                                                            • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405FBA
                                                                                                                                                                                            • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000005.00000002.2297015609.0000000000401000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_5_2_400000_SetupEngine.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 190613189-0
                                                                                                                                                                                            • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                                                                                            • Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                                                                                            • Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                            Execution Coverage:8.2%
                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                            Signature Coverage:6.5%
                                                                                                                                                                                            Total number of Nodes:1900
                                                                                                                                                                                            Total number of Limit Nodes:11
6062 eca205 memcpy 6060->6062 6063 eca1b9 2 API calls 6061->6063 6062->6061 6064 ecc9fa 6063->6064 6064->6054 6066 eca7fb 6065->6066 6067 ecc26e memcpy 6066->6067 6068 eca809 6067->6068 6069 ecc26e memcpy 6068->6069 6070 eca91b 6069->6070 6070->5951 6072 eceab8 6071->6072 6073 eceafa 6071->6073 6074 eceb00 6072->6074 6077 eceacd 6072->6077 6073->5957 6075 ecc465 2 API calls 6074->6075 6076 eceb05 6075->6076 6079 ecebc2 6076->6079 6081 edca2b 2 API calls 6076->6081 6087 eceb46 6076->6087 6095 ecec03 6077->6095 6080 edcbe6 std::tr1::_Xmem 2 API calls 6079->6080 6083 ecebc7 6080->6083 6084 eceb3c 6081->6084 6082 eceba6 6082->5957 6084->6079 6084->6087 6085 eceb9d ??3@YAXPAX 6085->6082 6086 eca107 ??3@YAXPAX 6086->6087 6087->6082 6087->6085 6087->6086 6089 eceb94 6087->6089 6104 eca17a 6087->6104 6089->6085 6091 ecc244 memmove 6090->6091 6092 ecee8d 6091->6092 6093 ecc244 memmove 6092->6093 6094 ecef9b 6093->6094 6094->5956 6109 ecc4f6 6095->6109 6099 ecec30 6100 ecec70 6099->6100 6101 ecec67 ??3@YAXPAX 6099->6101 6102 ec9cf3 2 API calls 6099->6102 6103 ecec61 6099->6103 6100->6073 6101->6100 6102->6099 6103->6101 6105 eca186 6104->6105 6106 eca1b1 6104->6106 6107 eca19d ??3@YAXPAX 6105->6107 6108 ec9cf3 2 API calls 6105->6108 6106->6087 6107->6106 6108->6105 6110 ecc51e 6109->6110 6111 ecc504 6109->6111 6116 eceda9 6110->6116 6112 ecc517 6111->6112 6113 edca2b 2 API calls 6111->6113 6112->6110 6114 edcbe6 std::tr1::_Xmem 2 API calls 6112->6114 6113->6112 6115 ecc529 6114->6115 6117 ecedb8 6116->6117 6118 ecedd6 6117->6118 6119 ecee7b memmove 6117->6119 6118->6099 6119->6117 6120 ed4d63 6121 ed4d7c 6120->6121 6122 ed4da2 6120->6122 6123 ed4d8b memmove 6121->6123 6125 ed4d82 6121->6125 6122->6125 6127 ed56de 6122->6127 6123->6125 6128 ed4db0 memset 6127->6128 6129 ed56f3 6127->6129 6128->6125 6130 ed572a 6129->6130 6131 ed56fd 6129->6131 6132 ecc465 2 API calls 6130->6132 6135 ed5e88 6131->6135 6133 ed572f 6132->6133 6136 ed5e9c 6135->6136 6137 ed5eae memmove 6135->6137 
6138 ed5eef 6136->6138 6141 edca2b 2 API calls 6136->6141 6139 ed5ecd ??3@YAXPAX 6137->6139 6140 ed5ed6 6137->6140 6142 edcbe6 std::tr1::_Xmem 2 API calls 6138->6142 6139->6140 6140->6128 6143 ed5ea7 6141->6143 6145 ed5ef4 6142->6145 6143->6137 6143->6138 6144 ed5f26 6150 ed5f49 ??3@YAXPAX 6144->6150 6151 ed5f55 6144->6151 6145->6144 6146 ed5f70 6145->6146 6147 edca2b 2 API calls 6145->6147 6148 edcbe6 std::tr1::_Xmem 2 API calls 6146->6148 6149 ed5f1f 6147->6149 6152 ed5f75 6148->6152 6149->6144 6149->6146 6150->6151 6151->6128 6153 ecc77e 6154 ecc792 6153->6154 6156 ecc7ac 6153->6156 6155 ecc7ef 6154->6155 6157 edca2b 2 API calls 6154->6157 6158 edcbe6 std::tr1::_Xmem 2 API calls 6155->6158 6160 ecc7cc ??3@YAXPAX 6156->6160 6161 ecc7d5 6156->6161 6159 ecc7a5 6157->6159 6162 ecc7f4 __EH_prolog3_catch 6158->6162 6159->6155 6159->6156 6160->6161 6163 ecc861 6162->6163 6164 ecc26e memcpy 6162->6164 6164->6162 6165 eccd7e 6166 eccdb8 6165->6166 6167 ecce00 6165->6167 6166->6167 6173 eccdd1 memchr 6166->6173 6168 ecce49 6167->6168 6170 ecce18 6167->6170 6194 ece9ca 6168->6194 6188 eccc0b 6170->6188 6173->6166 6173->6167 6174 ecce2e 6177 eca3ca 2 API calls 6174->6177 6175 eccc0b 3 API calls 6176 ecce6e 6175->6176 6178 eca1b9 2 API calls 6176->6178 6179 ecce47 6177->6179 6180 ecce7d 6178->6180 6182 edcfa0 4 API calls 6179->6182 6181 ece9ca memcpy 6180->6181 6183 ecce8f 6181->6183 6184 ecceb6 6182->6184 6185 ecea01 3 API calls 6183->6185 6186 ecce99 6185->6186 6187 eca1b9 2 API calls 6186->6187 6187->6179 6193 eccc32 __aulldiv 6188->6193 6189 eccd62 6189->6174 6190 eccca3 toupper 6190->6193 6192 eccccd fprintf 6192->6193 6193->6189 6193->6190 6197 edd7cd __iob_func 6193->6197 6195 eca205 memcpy 6194->6195 6196 ecce58 6195->6196 6196->6175 6197->6192 6198 ed8df8 6199 ed8e41 6198->6199 6200 ed834c 8 API calls 6199->6200 6201 ed8e50 6200->6201 6202 ed834c 8 API calls 6201->6202 6203 ed8e5b 6202->6203 6204 ed8e90 sprintf_s 6203->6204 6209 ed8f8c 6203->6209 6206 ed834c 8 API 
calls 6204->6206 6205 ed834c 8 API calls 6208 ed8f9b sprintf_s 6205->6208 6206->6203 6210 ed834c 8 API calls 6208->6210 6209->6205 6211 ed9006 6210->6211 6212 edcfa0 4 API calls 6211->6212 6213 ed901a 6212->6213 6214 ed31fa 6215 ed3205 SetEvent 6214->6215 6222 ed322f 6214->6222 6216 ed321c 6215->6216 6217 ed3239 6215->6217 6218 ed1330 4 API calls 6216->6218 6219 ed3231 Sleep 6217->6219 6217->6222 6220 ed3226 6218->6220 6219->6217 6223 ed31aa 6220->6223 6224 ed31ef 6223->6224 6225 ed31c4 TerminateThread 6223->6225 6224->6222 6227 ed31d3 6225->6227 6226 ed1330 4 API calls 6226->6227 6227->6224 6227->6225 6227->6226 6228 ec9a70 QueryPerformanceFrequency 6229 edc5f0 6230 edc604 6229->6230 6231 edc623 6229->6231 6230->6231 6232 edc608 6230->6232 6233 edc615 6231->6233 6234 edc649 7 API calls 6231->6234 6232->6233 6236 edc649 6232->6236 6234->6233 6237 edc65c 6236->6237 6238 edc693 6236->6238 6239 edc697 6237->6239 6242 edc670 6237->6242 6238->6233 6240 ecc465 2 API calls 6239->6240 6241 edc69c 6240->6241 6244 edc6a2 6242->6244 6246 edc6b9 6244->6246 6247 edc6d3 6244->6247 6245 edc714 6249 edcbe6 std::tr1::_Xmem 2 API calls 6245->6249 6246->6245 6248 edca2b 2 API calls 6246->6248 6251 edc6ee ??3@YAXPAX 6247->6251 6252 edc6f6 6247->6252 6250 edc6cc 6248->6250 6253 edc719 6249->6253 6250->6245 6250->6247 6251->6252 6252->6238 6254 eda5cd 6258 eda8a9 6254->6258 6259 eda8c3 6258->6259 6260 eda5e0 _CIsqrt 6258->6260 6259->6260 6263 ed82c3 ??0exception@@QAE@ABQBD 6259->6263 6262 eda933 _CxxThrowException 6263->6262 6264 edbb4b 6265 edbb6e 6264->6265 6266 ed834c 8 API calls 6265->6266 6267 edbc6a 6265->6267 6266->6265 6268 eccec4 130 API calls 6269 ed6a45 6270 ed6a5f 6269->6270 6271 ed6a55 6269->6271 6273 ed6b75 6270->6273 6274 eca205 memcpy 6270->6274 6272 eca205 memcpy 6271->6272 6272->6270 6274->6273 6275 ecb845 6276 ecb862 6275->6276 6277 eca144 2 API calls 6276->6277 6278 ecb89b sprintf_s 6277->6278 6279 ecb8ce 6278->6279 6280 ecc52f 2 API calls 6279->6280 6281 ecb8e0 
6280->6281 6282 ecc52f 2 API calls 6281->6282 6283 ecb90c 6282->6283 6284 ecc52f 2 API calls 6283->6284 6285 ecb92c 6284->6285 6287 ecc52f 2 API calls 6285->6287 6288 ecb961 6285->6288 6286 ecbaeb 6289 ecc52f 2 API calls 6286->6289 6287->6288 6288->6286 6290 ecc52f 2 API calls 6288->6290 6294 ecbb00 6289->6294 6293 ecb98b 6290->6293 6291 ecbb42 6295 ecc52f 2 API calls 6291->6295 6296 ecc52f 2 API calls 6293->6296 6294->6291 6298 eca1b9 2 API calls 6294->6298 6323 ecb41d 6294->6323 6297 ecbb57 6295->6297 6300 ecb9ab 6296->6300 6299 ecc52f 2 API calls 6297->6299 6298->6294 6301 ecbb6c 6299->6301 6302 ecc52f 2 API calls 6300->6302 6303 edcfa0 4 API calls 6301->6303 6305 ecb9cb 6302->6305 6304 ecbb86 6303->6304 6306 ecc52f 2 API calls 6305->6306 6307 ecb9eb 6306->6307 6308 ecc52f 2 API calls 6307->6308 6309 ecba0b 6308->6309 6310 ecc52f 2 API calls 6309->6310 6311 ecba2b 6310->6311 6312 ecc52f 2 API calls 6311->6312 6313 ecba4b 6312->6313 6314 ecc52f 2 API calls 6313->6314 6315 ecba6b 6314->6315 6316 ecc52f 2 API calls 6315->6316 6317 ecba8b 6316->6317 6318 ecc52f 2 API calls 6317->6318 6319 ecbaab 6318->6319 6320 ecc52f 2 API calls 6319->6320 6321 ecbacb 6320->6321 6322 ecc52f 2 API calls 6321->6322 6322->6286 6324 ecb43a 6323->6324 6325 eca144 2 API calls 6324->6325 6326 ecb479 6325->6326 6327 ecc52f 2 API calls 6326->6327 6328 ecb4a7 6327->6328 6329 ecc52f 2 API calls 6328->6329 6330 ecb4c7 6329->6330 6331 ecc52f 2 API calls 6330->6331 6332 ecb4e7 6331->6332 6333 ecc52f 2 API calls 6332->6333 6334 ecb507 sprintf_s 6333->6334 6335 ecb52e 6334->6335 6336 ecc52f 2 API calls 6335->6336 6337 ecb540 sprintf_s 6336->6337 6338 ecb562 6337->6338 6339 ecc52f 2 API calls 6338->6339 6340 ecb574 sprintf_s 6339->6340 6341 ecb596 6340->6341 6342 ecc52f 2 API calls 6341->6342 6343 ecb5a8 sprintf_s 6342->6343 6344 ecb5ca 6343->6344 6345 ecc52f 2 API calls 6344->6345 6346 ecb5dc sprintf_s 6345->6346 6347 ecb5fe 6346->6347 6348 ecc52f 2 API calls 6347->6348 6349 ecb610 sprintf_s 
6348->6349 6350 ecb632 6349->6350 6351 ecc52f 2 API calls 6350->6351 6353 ecb644 6351->6353 6352 ecb6c8 6354 ecc52f 2 API calls 6352->6354 6353->6352 6355 ecc52f 2 API calls 6353->6355 6361 ecb6e3 6354->6361 6359 ecb666 6355->6359 6356 ecb66e sprintf_s 6356->6359 6357 ecb6b3 6363 ecc52f 2 API calls 6357->6363 6358 ecb72e 6364 ecc52f 2 API calls 6358->6364 6359->6356 6359->6357 6362 ecc52f 2 API calls 6359->6362 6361->6358 6366 eca1b9 2 API calls 6361->6366 6371 ecab1c 6361->6371 6362->6359 6363->6352 6365 ecb743 6364->6365 6367 ecc52f 2 API calls 6365->6367 6366->6361 6368 ecb758 6367->6368 6369 edcfa0 4 API calls 6368->6369 6370 ecb772 6369->6370 6370->6294 6372 ecab39 6371->6372 6373 eca144 2 API calls 6372->6373 6374 ecab72 6373->6374 6470 ecc716 6374->6470 6376 ecaba9 6377 eca1b9 2 API calls 6376->6377 6378 ecabc6 6377->6378 6379 eca1b9 2 API calls 6378->6379 6380 ecabd7 sprintf_s 6379->6380 6381 ecabfd 6380->6381 6382 ecc52f 2 API calls 6381->6382 6383 ecac0f sprintf_s 6382->6383 6384 ecac38 6383->6384 6385 ecc52f 2 API calls 6384->6385 6386 ecac4a 6385->6386 6387 ecc52f 2 API calls 6386->6387 6388 ecac77 6387->6388 6389 ecc52f 2 API calls 6388->6389 6390 ecaca5 6389->6390 6391 ecc52f 2 API calls 6390->6391 6392 ecacd3 6391->6392 6393 ecc52f 2 API calls 6392->6393 6394 ecad01 6393->6394 6396 ecad3a 6394->6396 6397 ecc52f 2 API calls 6394->6397 6395 ecad5b 6399 ecc52f 2 API calls 6395->6399 6396->6395 6398 ecc52f 2 API calls 6396->6398 6397->6396 6398->6395 6401 ecad73 6399->6401 6400 ecad79 6403 ecc52f 2 API calls 6400->6403 6401->6400 6402 ecc52f 2 API calls 6401->6402 6404 ecadcb 6402->6404 6405 ecaeae 6403->6405 6406 ecc52f 2 API calls 6404->6406 6407 ecc52f 2 API calls 6405->6407 6408 ecade3 sprintf_s 6406->6408 6410 ecaec6 6407->6410 6409 ecae12 6408->6409 6411 ecc52f 2 API calls 6409->6411 6412 ecc52f 2 API calls 6410->6412 6413 ecae24 6411->6413 6414 ecaef1 6412->6414 6476 ecc755 6413->6476 6416 ecaf2f 6414->6416 6417 ecaef7 sprintf_s 6414->6417 6419 
ecaf38 sprintf_s 6416->6419 6420 ecaf70 6416->6420 6418 ecaf1d 6417->6418 6427 ecc52f 2 API calls 6418->6427 6423 ecaf5e 6419->6423 6421 ecaf76 sprintf_s 6420->6421 6422 ecafb1 6420->6422 6424 ecaf9f 6421->6424 6425 ecafb7 sprintf_s 6422->6425 6426 ecb002 sprintf_s 6422->6426 6430 ecc52f 2 API calls 6423->6430 6433 ecc52f 2 API calls 6424->6433 6436 ecafee 6425->6436 6435 ecb038 6426->6435 6427->6416 6428 ecae34 6428->6400 6429 ecc716 3 API calls 6428->6429 6432 ecae68 6429->6432 6430->6420 6438 eca1b9 2 API calls 6432->6438 6433->6422 6437 ecc52f 2 API calls 6435->6437 6439 ecc52f 2 API calls 6436->6439 6445 ecb04a 6437->6445 6440 ecae85 6438->6440 6441 ecb000 sprintf_s 6439->6441 6442 eca1b9 2 API calls 6440->6442 6444 ecb094 6441->6444 6442->6400 6447 ecc52f 2 API calls 6444->6447 6446 ecc52f 2 API calls 6445->6446 6446->6441 6448 ecb0a6 sprintf_s 6447->6448 6449 ecb0cb 6448->6449 6450 ecc52f 2 API calls 6449->6450 6451 ecb0dd sprintf_s 6450->6451 6452 ecb0ff 6451->6452 6453 ecc52f 2 API calls 6452->6453 6454 ecb111 sprintf_s 6453->6454 6455 ecb133 6454->6455 6456 ecc52f 2 API calls 6455->6456 6457 ecb145 sprintf_s 6456->6457 6458 ecb16a 6457->6458 6459 ecc52f 2 API calls 6458->6459 6460 ecb17c sprintf_s 6459->6460 6461 ecb19e 6460->6461 6462 ecc52f 2 API calls 6461->6462 6463 ecb1b0 6462->6463 6464 ecc52f 2 API calls 6463->6464 6465 ecb1ec 6464->6465 6466 ecc52f 2 API calls 6465->6466 6467 ecb201 6466->6467 6468 edcfa0 4 API calls 6467->6468 6469 ecb21b 6468->6469 6469->6361 6471 ecc732 6470->6471 6472 ecc52f 2 API calls 6471->6472 6473 ecc73e 6472->6473 6474 ecc244 memmove 6473->6474 6475 ecc746 6474->6475 6475->6376 6477 ecc763 6476->6477 6478 ecc383 memcmp 6477->6478 6479 ecc771 6478->6479 6479->6428 6480 eda644 6481 eda6e9 6480->6481 6482 eda660 6480->6482 6504 ed8257 ??0exception@@QAE@ABQBD 6481->6504 6482->6481 6483 eda66b 6482->6483 6495 eda948 6483->6495 6487 eda745 6488 eda6d3 6505 ed829a ??0exception@@QAE@ABQBD 6488->6505 6490 eda6d5 6501 eda878 
6490->6501 6491 eda68e 6491->6488 6491->6490 6493 eda6f8 _CxxThrowException 6493->6487 6494 eda6df 6496 eda954 6495->6496 6506 edaa15 6496->6506 6498 eda96b 6500 eda992 6498->6500 6512 edaa45 6498->6512 6500->6491 6546 eda9d8 6501->6546 6504->6493 6505->6493 6507 edca2b 2 API calls 6506->6507 6508 edaa1c 6507->6508 6509 edaa25 6508->6509 6519 edca88 ??0exception@@QAE@ABQBDH 6508->6519 6509->6498 6511 edcbf6 _CxxThrowException 6518 edaa51 __EH_prolog3_catch 6512->6518 6514 edab59 6529 edacd3 6514->6529 6515 edaa61 6520 edabaa 6515->6520 6517 edaa73 6517->6498 6518->6514 6518->6515 6519->6511 6521 edabc1 6520->6521 6522 edacc3 6520->6522 6533 edad87 6521->6533 6523 edcc0a 2 API calls 6522->6523 6526 edaccd __EH_prolog3_catch 6523->6526 6525 edabc9 6525->6517 6527 edabaa 13 API calls 6526->6527 6528 edad37 6526->6528 6527->6528 6528->6517 6530 edacdf __EH_prolog3_catch 6529->6530 6531 edabaa 13 API calls 6530->6531 6532 edad37 6530->6532 6531->6532 6532->6517 6536 edadba 6533->6536 6535 edad92 6535->6525 6537 edca2b 2 API calls 6536->6537 6538 edadc6 6537->6538 6539 edadcd 6538->6539 6540 edcbe6 std::tr1::_Xmem 2 API calls 6538->6540 6539->6535 6541 edadf0 sprintf_s 6540->6541 6542 eca144 2 API calls 6541->6542 6543 edae32 6542->6543 6544 edcfa0 4 API calls 6543->6544 6545 edae3f 6544->6545 6545->6535 6547 eda887 ??3@YAXPAX 6546->6547 6548 eda9ed 6546->6548 6547->6494 6549 eda9f7 ??3@YAXPAX 6548->6549 6549->6547 6549->6548 6550 ed49c4 6551 ed49de 6550->6551 6552 ed49ea 6550->6552 6551->6552 6553 ed4a9b ??3@YAXPAX 6551->6553 6554 ed4aa3 6551->6554 6553->6554 6556 ed5238 6554->6556 6557 ed5256 6556->6557 6558 ed5252 6556->6558 6559 ed525e 6557->6559 6560 ed5279 6557->6560 6558->6552 6568 ed5b4b 6559->6568 6562 ecc465 2 API calls 6560->6562 6563 ed527e 6562->6563 6567 ed52a3 6563->6567 6581 ed5b81 6563->6581 6567->6552 6569 ed5b59 6568->6569 6570 ed5b70 6568->6570 6571 ed5b69 6569->6571 6572 edca2b 2 API calls 6569->6572 6570->6558 6571->6570 6573 edcbe6 std::tr1::_Xmem 
2 API calls 6571->6573 6572->6571 6574 ed5b7b 6573->6574 6575 ed5bc4 6574->6575 6576 ed5bcb 6574->6576 6577 ed5bb2 6574->6577 6575->6558 6578 ecc465 2 API calls 6576->6578 6593 ed6026 6577->6593 6579 ed5bd0 6578->6579 6582 ed52c7 6581->6582 6583 ed5ba0 6581->6583 6589 ed690e 6582->6589 6584 ed5bcb 6583->6584 6586 ed5bb2 6583->6586 6585 ecc465 2 API calls 6584->6585 6587 ed5bd0 6585->6587 6588 ed6026 7 API calls 6586->6588 6588->6582 6590 ed691a 6589->6590 6591 ed6933 6589->6591 6590->6591 6592 ed691e memset 6590->6592 6591->6567 6592->6590 6594 ed5b4b 6 API calls 6593->6594 6595 ed603a 6594->6595 6596 ed605f ??3@YAXPAX 6595->6596 6597 ed606b 6595->6597 6596->6597 6597->6575 6598 edc944 6599 edc969 6598->6599 6600 edc97a 6598->6600 6601 edc9b9 9 API calls 6599->6601 6601->6600 6602 edc8c7 6605 edc8da 6602->6605 6603 edc8e0 6604 edc92c _CIsqrt 6604->6603 6605->6603 6605->6604 6606 ed83c7 6608 ed83d7 6606->6608 6607 ed834c 8 API calls 6609 ed8436 6607->6609 6608->6607 4851 ed1446 4852 ed1471 NtQuerySystemInformation 4851->4852 4855 edcfa0 4852->4855 4854 ed1485 4856 edcfa8 4855->4856 4857 edcfab 4855->4857 4856->4854 4860 edd5fa SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 4857->4860 4859 edd735 4859->4854 4860->4859 6610 ece8c7 6611 ece8f3 6610->6611 6616 ece901 6610->6616 6612 ece929 6611->6612 6613 ece8fb 6611->6613 6615 ecc465 2 API calls 6612->6615 6614 ecebcd 4 API calls 6613->6614 6614->6616 6617 ece92e 6615->6617 6618 ece98f 6617->6618 6619 ece950 6617->6619 6620 ece99c 6618->6620 6622 ecea9a 13 API calls 6618->6622 6621 ece96b 6619->6621 6623 ecea9a 13 API calls 6619->6623 6624 eca7ef memcpy 6620->6624 6626 ece98a 6620->6626 6625 eca7ef memcpy 6621->6625 6621->6626 6622->6620 6623->6621 6624->6626 6625->6626 6627 ecd640 6629 ecd65d 6627->6629 6646 ecd656 6627->6646 6628 ecd70b 6637 ecd759 6628->6637 6652 edd7cd __iob_func 6628->6652 6629->6628 6630 ecd70d 6629->6630 6631 ecd7a9 6629->6631 6634 ecca4a 7 API calls 
6629->6634 6629->6646 6651 edd7cd __iob_func 6630->6651 6655 edd7cd __iob_func 6631->6655 6634->6629 6635 ecd71a fprintf 6635->6628 6636 ecd7b5 fprintf 6636->6628 6638 ecd7e1 6637->6638 6640 ecd7a2 6637->6640 6653 edd7cd __iob_func 6637->6653 6642 ecca4a 7 API calls 6638->6642 6656 edd7cd __iob_func 6640->6656 6642->6646 6643 ecd775 fprintf 6643->6640 6647 ecd787 6643->6647 6645 ecd74c fprintf 6645->6637 6654 edd7cd __iob_func 6647->6654 6648 ecd7d3 fprintf 6648->6638 6648->6646 6650 ecd793 fprintf 6650->6640 6650->6647 6651->6635 6652->6645 6653->6643 6654->6650 6655->6636 6656->6648 6657 ec9d40 vprintf 6658 ecaac1 sprintf_s 6659 eca144 2 API calls 6658->6659 6660 ecab04 6659->6660 6661 edcfa0 4 API calls 6660->6661 6662 ecab11 6661->6662 6667 ed8442 6668 ed834c 8 API calls 6667->6668 6669 ed8455 6668->6669 6670 ed834c 8 API calls 6669->6670 6671 ed8460 6670->6671 6672 ed834c 8 API calls 6671->6672 6673 ed846b 6672->6673 6674 ed834c 8 API calls 6673->6674 6675 ed8476 6674->6675 6676 ed834c 8 API calls 6675->6676 6677 ed8481 6676->6677 6678 ed834c 8 API calls 6677->6678 6679 ed84a1 6678->6679 6680 ed834c 8 API calls 6679->6680 6681 ed84b2 6680->6681 6682 ed834c 8 API calls 6681->6682 6683 ed84c0 6682->6683 6684 ed834c 8 API calls 6683->6684 6685 ed84ce 6684->6685 6686 ed834c 8 API calls 6685->6686 6687 ed84dc 6686->6687 6688 ed4add 6689 ed4afc 6688->6689 6690 ed4b12 6688->6690 6694 ed538e 6689->6694 6693 ed4b10 6690->6693 6703 ed5339 6690->6703 6695 ed53ce 6694->6695 6696 ed53a9 6694->6696 6701 ed53ef 6695->6701 6702 ed53c4 6695->6702 6716 ed6b9a 6695->6716 6696->6695 6697 ed53b0 6696->6697 6697->6702 6711 ed542f 6697->6711 6700 ed542f 6 API calls 6700->6701 6701->6700 6701->6702 6702->6693 6704 ed537c 6703->6704 6705 ed5358 6703->6705 6704->6693 6706 ed536a 6705->6706 6707 ed5383 6705->6707 6720 ed5c3f 6706->6720 6708 ecc465 2 API calls 6707->6708 6709 ed5388 6708->6709 6712 ed5466 6711->6712 6713 ed543b 6711->6713 6712->6697 6714 ed5452 ??3@YAXPAX 6713->6714 6715 
ed77cb 5 API calls 6713->6715 6714->6712 6715->6713 6717 ed6baf 6716->6717 6718 ed6baa 6716->6718 6717->6695 6719 ed542f 6 API calls 6718->6719 6719->6717 6727 ed60c1 6720->6727 6722 ed5cac 6722->6704 6723 ed5ca3 ??3@YAXPAX 6723->6722 6724 ed5c57 6724->6722 6724->6723 6725 ed542f 6 API calls 6724->6725 6726 ed5c9d 6724->6726 6725->6724 6726->6723 6728 ed60cf 6727->6728 6729 ed60e6 6727->6729 6730 ed60df 6728->6730 6732 edca2b 2 API calls 6728->6732 6729->6724 6730->6729 6731 edcbe6 std::tr1::_Xmem 2 API calls 6730->6731 6733 ed60f1 6731->6733 6732->6730 6734 ed74d8 6735 eca107 ??3@YAXPAX 6734->6735 6736 ed74ec 6735->6736 6739 ed52fd 6736->6739 6740 ed5331 6739->6740 6742 ed5309 6739->6742 6741 ed531d ??3@YAXPAX 6741->6740 6742->6741 6743 ed542f 6 API calls 6742->6743 6743->6742 6744 ed0b58 6745 ed0b9e 6744->6745 6746 ed0b74 6744->6746 6749 ed0b7b 6745->6749 6750 ed0be3 6745->6750 6747 ed0b84 memmove 6746->6747 6746->6749 6747->6749 6751 ed0bfd 6750->6751 6752 ed0c33 6750->6752 6753 ed0c39 6751->6753 6756 ed0c0f 6751->6756 6752->6749 6754 ecc465 2 API calls 6753->6754 6755 ed0c3e 6754->6755 6758 ed0c44 6756->6758 6759 ed0c58 6758->6759 6760 ed0c70 memmove 6758->6760 6761 ed0cb7 6759->6761 6765 edca2b 2 API calls 6759->6765 6762 ed0c9d 6760->6762 6763 ed0c94 ??3@YAXPAX 6760->6763 6764 edcbe6 std::tr1::_Xmem 2 API calls 6761->6764 6762->6752 6763->6762 6766 ed0cbc 6764->6766 6767 ed0c69 6765->6767 6767->6760 6767->6761 6768 edd056 6771 edcfb8 6768->6771 6772 edcfc4 6771->6772 6773 edcfeb _lock __dllonexit 6772->6773 6774 edcfd5 _onexit 6772->6774 6780 edd048 _unlock 6773->6780 6777 edd03d 6774->6777 6778 edd5b4 4 API calls 6777->6778 6779 edd044 6778->6779 6780->6777 6781 ed6fd6 6782 ed6feb 6781->6782 6783 ed7036 ??3@YAXPAX 6782->6783 6784 ed7028 6783->6784 6785 ec9b50 6786 ec9b7d 6785->6786 6787 edcfa0 4 API calls 6786->6787 6788 ec9b94 6787->6788 6790 edd5d0 _except_handler4_common 6794 ed4f2b 6795 ed4f4c 6794->6795 6796 ed4f65 6794->6796 6802 ed5965 6795->6802 6797 
ed4f63 6796->6797 6811 ed58a9 6796->6811 6803 ed597e 6802->6803 6808 ed5994 6802->6808 6804 ed5983 6803->6804 6803->6808 6823 ed5927 6804->6823 6805 ed598d 6805->6797 6807 ed59b6 6809 ed5927 7 API calls 6807->6809 6808->6805 6808->6807 6828 ed6c85 6808->6828 6809->6805 6812 ed58cc 6811->6812 6813 ed4f73 6811->6813 6814 ed591c 6812->6814 6817 ed58e3 6812->6817 6819 ed68b5 6813->6819 6815 ecc465 2 API calls 6814->6815 6816 ed5921 6815->6816 6834 ed5f7b 6817->6834 6820 ed68be 6819->6820 6821 ed6903 6819->6821 6820->6821 6822 ed68d2 memset 6820->6822 6821->6797 6822->6820 6824 ed595b 6823->6824 6826 ed5935 6823->6826 6824->6805 6825 eca107 ??3@YAXPAX 6825->6826 6826->6824 6826->6825 6827 ed52fd 7 API calls 6826->6827 6827->6826 6829 ed6cda 6828->6829 6830 ed6cd3 6828->6830 6832 ed6d26 6829->6832 6833 eca107 ??3@YAXPAX 6829->6833 6831 ed52fd 7 API calls 6830->6831 6831->6829 6832->6808 6833->6832 6840 ed566f 6834->6840 6836 ed5f8f 6837 ed5fc9 6836->6837 6838 ed5927 7 API calls 6836->6838 6837->6813 6839 ed5fc0 ??3@YAXPAX 6838->6839 6839->6837 6841 ed5697 6840->6841 6843 ed567d 6840->6843 6841->6836 6842 ed5690 6842->6841 6845 edcbe6 std::tr1::_Xmem 2 API calls 6842->6845 6843->6842 6844 edca2b 2 API calls 6843->6844 6844->6842 6846 ed56a2 6845->6846 6851 eca7a7 6852 ecc26e memcpy 6851->6852 6853 eca7c0 6852->6853 6856 ed80a2 6857 ed65fc 5 API calls 6856->6857 6858 ed80b3 6857->6858 6863 eda7b9 6865 eda7d2 6863->6865 6866 eda7f9 6863->6866 6864 ed556e 10 API calls 6864->6865 6865->6864 6865->6866 6867 edcc31 6870 edcb48 ??0exception@@QAE@ABQBD 6867->6870 6869 edcc44 _CxxThrowException 6870->6869 6871 ec9c30 6872 ec9c4f 6871->6872 6873 ec9c40 6871->6873 6877 ec9be0 6872->6877 6874 eca144 2 API calls 6873->6874 6876 ec9c4d 6874->6876 6878 ec9bf2 6877->6878 6879 eca144 2 API calls 6878->6879 6880 ec9c05 6879->6880 6880->6876 6881 ed8230 ??1exception@@UAE 6882 ed824b 6881->6882 6883 ed8243 ??3@YAXPAX 6881->6883 6883->6882 6885 ed5d04 ??3@YAXPAX 4861 ed2e86 4862 ed2ea6 
strcpy_s 4861->4862 4864 ed2ea1 4861->4864 4863 ed2ec4 4862->4863 4862->4864 4863->4864 4867 ed2ee1 GetFileAttributesA 4863->4867 4865 edcfa0 4 API calls 4864->4865 4866 ed2f21 4865->4866 4867->4863 4868 ed2ef6 CreateDirectoryA 4867->4868 4868->4863 4869 ed2f25 GetLastError 4868->4869 4869->4864 6886 ec9c80 6887 ec9c92 6886->6887 6888 eca144 2 API calls 6887->6888 6889 ec9ca5 6888->6889 6890 ed8300 ??0exception@@QAE@ABV0@ 4822 eca49c 4823 eca4a8 __EH_prolog3_catch 4822->4823 4830 eca58f 4823->4830 4825 eca547 4837 eca1b9 4825->4837 4828 eca53c memcpy 4828->4825 4829 eca552 4831 eca59d 4830->4831 4832 eca4f7 4830->4832 4836 eca5a8 4831->4836 4842 edca2b 4831->4842 4832->4825 4832->4828 4836->4832 4847 edcbe6 4836->4847 4838 eca1ec 4837->4838 4839 eca1cb 4837->4839 4838->4829 4839->4838 4840 eca1d8 memcpy 4839->4840 4841 eca1e3 ??3@YAXPAX 4839->4841 4840->4841 4841->4838 4843 edca3f malloc 4842->4843 4844 edca4d 4843->4844 4845 edca32 _callnewh 4843->4845 4844->4836 4845->4843 4846 edca4f 4845->4846 4846->4846 4850 edca88 ??0exception@@QAE@ABQBDH 4847->4850 4849 edcbf6 _CxxThrowException 4850->4849 6891 ed789f 6892 ed5238 8 API calls 6891->6892 6893 ed78c9 6892->6893 6894 edb41e 6895 ed834c 8 API calls 6894->6895 6896 edb431 6895->6896 6897 ed834c 8 API calls 6896->6897 6898 edb43f 6897->6898 6899 ed834c 8 API calls 6898->6899 6900 edb44d 6899->6900 6901 ed834c 8 API calls 6900->6901 6902 edb45b 6901->6902 6903 ed834c 8 API calls 6902->6903 6904 edb469 6903->6904 6905 ed834c 8 API calls 6904->6905 6906 edb477 6905->6906 6907 ed834c 8 API calls 6906->6907 6908 edb488 6907->6908 6909 ed834c 8 API calls 6908->6909 6910 edb496 6909->6910 6911 ed834c 8 API calls 6910->6911 6912 edb4a4 6911->6912 6913 ed834c 8 API calls 6912->6913 6914 edb4b2 6913->6914 6915 ed834c 8 API calls 6914->6915 6916 edb4c0 6915->6916 6917 ed834c 8 API calls 6916->6917 6918 edb4ce 6917->6918 6919 ed834c 8 API calls 6918->6919 6920 edb4dc 6919->6920 6921 ed5816 6930 ed56a8 6921->6930 6925 ed5887 
6926 ed587e ??3@YAXPAX 6926->6925 6927 ed5843 6927->6925 6927->6926 6928 eca1b9 2 API calls 6927->6928 6929 ed5878 6927->6929 6928->6927 6929->6926 6931 ed56cd 6930->6931 6932 ed56b6 6930->6932 6937 ed7501 6931->6937 6933 ed56c6 6932->6933 6935 edca2b 2 API calls 6932->6935 6933->6931 6934 edcbe6 std::tr1::_Xmem 2 API calls 6933->6934 6936 ed56d8 6934->6936 6935->6933 6938 ed7510 6937->6938 6939 ed753a 6938->6939 6940 ecc244 memmove 6938->6940 6939->6927 6940->6938 4870 edb111 4871 edb126 4870->4871 4888 ed834c 4871->4888 4874 ed834c 8 API calls 4875 edb149 4874->4875 4876 ed834c 8 API calls 4875->4876 4877 edb15a 4876->4877 4878 ed834c 8 API calls 4877->4878 4879 edb16b 4878->4879 4880 ed834c 8 API calls 4879->4880 4881 edb17c 4880->4881 4882 ed834c 8 API calls 4881->4882 4883 edb190 4882->4883 4884 ed834c 8 API calls 4883->4884 4885 edb1a1 4884->4885 4886 ed834c 8 API calls 4885->4886 4887 edb1b2 4886->4887 4896 eddb30 4888->4896 4891 ed839f 4898 ecc52f 4891->4898 4893 ed83b2 4894 edcfa0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 4893->4894 4895 ed83be 4894->4895 4895->4874 4897 ed835b memset vsprintf_s 4896->4897 4897->4891 4899 ecc542 4898->4899 4905 eca44a 4899->4905 4908 edcc0a 4905->4908 4911 edcae8 ??0exception@@QAE@ABQBD 4908->4911 4910 edcc1d _CxxThrowException 4911->4910 6941 ec9d90 6942 ec9d9b printf SetEvent 6941->6942 6943 ec9de7 6941->6943 6944 ec9dd5 SetConsoleCtrlHandler 6942->6944 6945 ec9db7 GetLastError 6942->6945 6944->6943 6948 edd7cd __iob_func 6945->6948 6947 ec9dca fprintf 6947->6944 6948->6947 6949 edd210 6950 edd24d 6949->6950 6952 edd222 6949->6952 6951 edd247 ?terminate@ 6951->6950 6952->6950 6952->6951 6953 edcf90 6956 edd498 6953->6956 6955 edcf95 6955->6955 6957 edd4bd 6956->6957 6958 edd4ca GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter 6956->6958 6957->6958 6959 edd4c1 6957->6959 6958->6959 6959->6955 6960 ecbb91 6961 ecbbbe 6960->6961 
6962 ecbbdc 6961->6962 7004 edd7cd __iob_func 6961->7004 6965 ecbbfb 6962->6965 6982 ecbc18 6962->6982 6964 ecbbd1 fprintf 6964->6962 7005 edd7cd __iob_func 6965->7005 6967 ecbfc4 6968 ecbc07 fprintf 6968->6967 6971 ecbc68 fprintf 6971->6982 6973 ecbd48 fprintf 6973->6982 6975 eca17a 3 API calls 6975->6982 6976 ecbcb6 fprintf 6976->6982 6978 ecbd0b fprintf 6978->6982 6980 ecbda2 fprintf 6980->6982 6982->6967 6982->6975 7006 edd7cd __iob_func 6982->7006 7007 edd7cd __iob_func 6982->7007 7008 edd7cd __iob_func 6982->7008 7009 edd7cd __iob_func 6982->7009 7010 eca7ce 6982->7010 7013 edd7cd __iob_func 6982->7013 7014 edd7cd __iob_func 6982->7014 7015 edd7cd __iob_func 6982->7015 7016 edd7cd __iob_func 6982->7016 7017 edd7cd __iob_func 6982->7017 7018 edd7cd __iob_func 6982->7018 7019 edd7cd __iob_func 6982->7019 7020 edd7cd __iob_func 6982->7020 7021 edd7cd __iob_func 6982->7021 7022 edd7cd __iob_func 6982->7022 7023 edd7cd __iob_func 6982->7023 7024 edd7cd __iob_func 6982->7024 6983 ecbdc9 fprintf 6983->6982 6985 ecbdfa fprintf 6985->6982 6989 ecbe27 fprintf 6989->6982 6990 ecbe83 fprintf 6990->6982 6991 ecbe9f fprintf 6991->6982 6994 ecbe48 fprintf 6994->6982 6995 ecbec7 fprintf 6995->6982 6998 ecbf3b fprintf 6998->6982 7000 ecbf0a fprintf 7000->6982 7002 ecbee8 fprintf 7002->6982 7003 ecbf74 fprintf 7003->6982 7004->6964 7005->6968 7006->6971 7007->6976 7008->6978 7009->6973 7025 ecc1d7 7010->7025 7012 eca7e1 7012->6982 7013->6980 7014->6983 7015->6985 7016->6989 7017->6994 7018->6990 7019->6991 7020->6995 7021->7002 7022->7000 7023->6998 7024->7003 7026 ecc1e3 __EH_prolog3_catch 7025->7026 7031 ecc334 7026->7031 7029 ecc220 7029->7012 7032 ecc20a 7031->7032 7033 ecc352 7031->7033 7032->7029 7039 ecc870 7032->7039 7034 ecc378 7033->7034 7035 ecc35a 7033->7035 7037 ecc465 2 API calls 7034->7037 7036 ecc4f6 4 API calls 7035->7036 7036->7032 7038 ecc37d 7037->7038 7041 ecc87c __EH_prolog3_catch 7039->7041 7040 ecc8df 7040->7029 7041->7040 7042 eca7ef memcpy 7041->7042 
7042->7041
APIs
• __EH_prolog3_GS.LIBCMT ref: 00ED1F6A
• srand.MSVCRT ref: 00ED1FFE
• GetCurrentThread.KERNEL32 ref: 00ED2066
• SetThreadGroupAffinity.KERNELBASE(00000000,?,00000000), ref: 00ED2073
• atoi.MSVCRT ref: 00ED212D
• sprintf_s.MSVCRT ref: 00ED2146
• isalpha.MSVCRT ref: 00ED2161
• sprintf_s.MSVCRT ref: 00ED2188
• CreateFileA.KERNELBASE(?,-C0000001,00000003,00000000,00000003,00000080,00000000,?), ref: 00ED223D
• SetFileInformationByHandle.KERNEL32(?,0000000C,?,00000004), ref: 00ED22EC
• GetFileSize.KERNEL32(?,?), ref: 00ED2338
• GetLastError.KERNEL32 ref: 00ED234B
• __aulldiv.LIBCMT ref: 00ED24C2
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ED26CF
• SetFilePointerEx.KERNEL32(00000010,00000000,?,00000000,00000000,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 00ED2707
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 00ED2715
• GetLastError.KERNEL32 ref: 00ED2744
• GetLastError.KERNEL32(?,?,00000001,00000000), ref: 00ED2785
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED27FD
                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 00ED2856
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00000000), ref: 00ED2861
                                                                                                                                                                                            • Sleep.KERNEL32(00000000,?,00000004,?,?,?), ref: 00ED28F9
                                                                                                                                                                                            • ReadFile.KERNEL32(00000010,00000001,00000004,?,00000000,?,00000004,?,?,?), ref: 00ED2955
                                                                                                                                                                                            • WriteFile.KERNEL32(00000010,00000000,00000000,00000000,00000004,?,00000000,?,00000004,?,?,?), ref: 00ED2979
                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ED2A57
                                                                                                                                                                                            • SetFilePointerEx.KERNEL32(00000010,00000000,?,00000000,00000000), ref: 00ED2A8F
                                                                                                                                                                                              • Part of subcall function 00ED813D: GetTickCount64.KERNEL32 ref: 00ED8148
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED2ACE
                                                                                                                                                                                            • CreateIoCompletionPort.KERNELBASE(00000010,?,00000000,00000001,?,?), ref: 00ED2B1D
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED2B42
                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ED2C72
                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF,00000001,?,?), ref: 00ED2D1E
                                                                                                                                                                                            • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 00ED2D95
                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 00ED2DAA
                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00ED2DC3
                                                                                                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 00ED2DD1
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • FATAL ERROR: Could not allocate a buffer bytes for target '%s'. Error code: 0x%x, xrefs: 00ED278D
                                                                                                                                                                                            • thread %u: received signal to start, xrefs: 00ED287A, 00ED2D35
                                                                                                                                                                                            • The file is too small. File: '%s' relative thread %u size: %I64u, base offset: %I64u block size: %u, xrefs: 00ED27D3
                                                                                                                                                                                            • Error setting IO priority for file: %s [%u], xrefs: 00ED274C
                                                                                                                                                                                            • thread %u started (random seed: %u), xrefs: 00ED254C
                                                                                                                                                                                            • The file is too small or there has been an error during getting file size, xrefs: 00ED2762
                                                                                                                                                                                            • FATAL ERROR: invalid filename, xrefs: 00ED282A
                                                                                                                                                                                            • Error setting file pointer. Error code: %d., xrefs: 00ED271C
                                                                                                                                                                                            • write, xrefs: 00ED2AC9, 00ED2AD5
                                                                                                                                                                                            • Error opening file: %s [%u], xrefs: 00ED2805
                                                                                                                                                                                            • t[%u:%u] initial I/O op at %I64u (starting in block: %I64u), xrefs: 00ED2C93
                                                                                                                                                                                            • Warning: thread %u transfered %u bytes instead of %u bytes, xrefs: 00ED29A2
                                                                                                                                                                                            • thread %u starting: file '%s' relative thread %u file offset: %I64u (starting in block: %I64u), xrefs: 00ED24E2
                                                                                                                                                                                            • t[%u] initial I/O op at %I64u (starting in block: %I64u), xrefs: 00ED26E9
                                                                                                                                                                                            • \\.\PhysicalDrive%u, xrefs: 00ED2134
                                                                                                                                                                                            • unable to create IO completion port (error code: %u), xrefs: 00ED2B49
                                                                                                                                                                                            • \\.\%c:, xrefs: 00ED2176
                                                                                                                                                                                            • t[%u] new I/O op at %I64u (starting in block: %I64u), xrefs: 00ED2A71
                                                                                                                                                                                            • SeLockMemoryPrivilege, xrefs: 00ED20BC
                                                                                                                                                                                            • Error setting affinity mask in thread %u, xrefs: 00ED2083
                                                                                                                                                                                            • Failed to disable local caching (error %u). NOTE: only supported on remote filesystems with Windows 8 or newer., xrefs: 00ED2727
                                                                                                                                                                                            • Waiting for a signal to start failed (error code: %u), xrefs: 00ED2868
                                                                                                                                                                                            • thread %u: Error setting file pointer, xrefs: 00ED2AB1
                                                                                                                                                                                            • read, xrefs: 00ED2AC2
                                                                                                                                                                                            • t[%u:%u] error during %s error code: %u), xrefs: 00ED2ADE
                                                                                                                                                                                            • affinitizing thread %u to Group %u / CPU %u, xrefs: 00ED2032
                                                                                                                                                                                            • thread %u starting: file '%s' relative thread %u random pattern, xrefs: 00ED2474
                                                                                                                                                                                            • thread %u: waiting for a signal to start, xrefs: 00ED283C, 00ED2D04
                                                                                                                                                                                            • Warning - file size is less than MaxFileSize, xrefs: 00ED2389
                                                                                                                                                                                            • ERROR:, xrefs: 00ED20B7
                                                                                                                                                                                            • Error getting file size, xrefs: 00ED2756
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLast$File$Unothrow_t@std@@@__ehfuncinfo$??2@$CloseCreateHandleObjectPointerSingleThreadWaitsprintf_s$??3@AffinityChangeCompletionCount64CurrentFindFreeGroupH_prolog3_InformationNotificationPortReadSizeSleepTickVirtualWrite__aulldivatoiisalphasrand
                                                                                                                                                                                            • String ID: ERROR:$Error getting file size$Error opening file: %s [%u]$Error setting IO priority for file: %s [%u]$Error setting affinity mask in thread %u$Error setting file pointer. Error code: %d.$FATAL ERROR: Could not allocate a buffer bytes for target '%s'. Error code: 0x%x$FATAL ERROR: invalid filename$Failed to disable local caching (error %u). NOTE: only supported on remote filesystems with Windows 8 or newer.$SeLockMemoryPrivilege$The file is too small or there has been an error during getting file size$The file is too small. File: '%s' relative thread %u size: %I64u, base offset: %I64u block size: %u$Waiting for a signal to start failed (error code: %u)$Warning - file size is less than MaxFileSize$Warning: thread %u transfered %u bytes instead of %u bytes$\\.\%c:$\\.\PhysicalDrive%u$affinitizing thread %u to Group %u / CPU %u$read$t[%u:%u] error during %s error code: %u)$t[%u:%u] initial I/O op at %I64u (starting in block: %I64u)$t[%u] initial I/O op at %I64u (starting in block: %I64u)$t[%u] new I/O op at %I64u (starting in block: %I64u)$thread %u started (random seed: %u)$thread %u starting: file '%s' relative thread %u file offset: %I64u (starting in block: %I64u)$thread %u starting: file '%s' relative thread %u random pattern$thread %u: Error setting file pointer$thread %u: received signal to start$thread %u: waiting for a signal to start$unable to create IO completion port (error code: %u)$write
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(00000020,000000FF,000000B8,?,?), ref: 00ED119B
                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,?,?), ref: 00ED11A2
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 00ED11AC
                                                                                                                                                                                            • LookupPrivilegeValueA.ADVAPI32(00000000,SeLockMemoryPrivilege,?), ref: 00ED11D4
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?), ref: 00ED11DE
                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(000000FF,?,?), ref: 00ED1232
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLastProcess$ChangeCloseCurrentFindLookupNotificationOpenPrivilegeTokenValue
                                                                                                                                                                                            • String ID: %s Error adjusting token privileges for %s (error code: %u)$%s Error looking up privilege value %s (error code: %u)$%s Error opening process token (error code: %u)$ERROR:$SeLockMemoryPrivilege
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • NtQuerySystemInformation.NTDLL ref: 00ED1471
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: InformationQuerySystem
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ReadFile.KERNELBASE(00000010,00000001,?,00000000,?,?,00000060,00ED2D66), ref: 00ED1927
                                                                                                                                                                                            • WriteFile.KERNEL32(00000010,00000000,00000001,00000001,?,00000000,?,?,00000060,00ED2D66), ref: 00ED1953
                                                                                                                                                                                              • Part of subcall function 00ED1490: __aullrem.LIBCMT ref: 00ED1502
                                                                                                                                                                                              • Part of subcall function 00ED1490: __aullrem.LIBCMT ref: 00ED15DE
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED1960
                                                                                                                                                                                            • Sleep.KERNEL32(?,?,?,00000060,00ED2D66), ref: 00ED19B3
                                                                                                                                                                                            • GetQueuedCompletionStatus.KERNEL32(f-,?,`f-,00000010,00000001,?,00000060,00ED2D66), ref: 00ED19CA
                                                                                                                                                                                              • Part of subcall function 00ECA975: QueryPerformanceCounter.KERNEL32(00000000,00000001,00000001,?,00ED1E0F,000000B8,00000000,?), ref: 00ECA980
                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ED1AB7
                                                                                                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 00ED1B0F
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED1B2D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFileLast__aullrem$??3@CompletionCounterPerformanceQueryQueuedReadSleepStatusUnothrow_t@std@@@Write__ehfuncinfo$??2@
                                                                                                                                                                                            • String ID: Warning: thread %u transferred %u bytes instead of %u bytes$`f-$error during overlapped IO operation (error code: %u)$f-$read$t[%u:%u] new I/O op at %I64u (starting in block: %I64u)$t[%u] error during %s error code: %u)$write
                                                                                                                                                                                            • API String ID: 202472602-720180158
                                                                                                                                                                                            • Opcode ID: adab3e06687ba99f8dec396b87a45c558bba9f0c44f7b07c299183f02fc88a42
                                                                                                                                                                                            • Instruction ID: d1de461105d56866df1bb02e62bfcef999e9c6bc99ea0b7aa78e15170989e4fb
                                                                                                                                                                                            • Opcode Fuzzy Hash: adab3e06687ba99f8dec396b87a45c558bba9f0c44f7b07c299183f02fc88a42
                                                                                                                                                                                            • Instruction Fuzzy Hash: 54E14D71E00218AFCF14DFA8C994AADBBF6EF48314F14509AE905BB3A6D7319C42CB50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • strcpy_s.MSVCRT ref: 00ED2EB3
                                                                                                                                                                                            • GetFileAttributesA.KERNELBASE(00000000), ref: 00ED2EEB
                                                                                                                                                                                            • CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00ED2EFF
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED2F25
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AttributesCreateDirectoryErrorFileLaststrcpy_s
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 354552961-0
                                                                                                                                                                                            • Opcode ID: 51b814043e3778cbb41b48dfdcd5f02b010aa4682d0d3bb2591ed636576535c6
                                                                                                                                                                                            • Instruction ID: d413bf52787304902bd7cdfb65f0834c4ffe3c4c89441914db1590aab16f3bee
                                                                                                                                                                                            • Opcode Fuzzy Hash: 51b814043e3778cbb41b48dfdcd5f02b010aa4682d0d3bb2591ed636576535c6
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E11EB30A08288AED7318B349C447EA7BF9DB65354F14189EEBC5F61C1DBB059C6C750
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetLargePageMinimum.KERNEL32 ref: 00ECBFF6
                                                                                                                                                                                            • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 00ECC01B
                                                                                                                                                                                            • memset.MSVCRT ref: 00ECC03D
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AllocLargeMinimumPageVirtualmemset
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3383278933-0
                                                                                                                                                                                            • Opcode ID: 0f862769242faa060ccf6dbb4d8b07dac307078b5aab012925fb2c24d057bfa4
                                                                                                                                                                                            • Instruction ID: 91d99924a96b4d44ecf2b58541aca67ce03eafdb263c77ea055e48268f847ee7
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f862769242faa060ccf6dbb4d8b07dac307078b5aab012925fb2c24d057bfa4
                                                                                                                                                                                            • Instruction Fuzzy Hash: C11123B190524DBFEB148A658882FBABBACEB11304F24505EF948B7241C6725C4AC7E0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • std::tr1::_Xmem.LIBCPMT ref: 00ECA5B5
                                                                                                                                                                                              • Part of subcall function 00EDCA2B: malloc.MSVCRT ref: 00EDCA42
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Xmemmallocstd::tr1::_
                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                            • API String ID: 257571584-2766056989
                                                                                                                                                                                            • Opcode ID: 399b7a485d091a66600d6952dbfa20f3ceafde20b4a6854d3a2a6daddf43b3a4
                                                                                                                                                                                            • Instruction ID: 48cffdbc833bb4b7f41ce072e0e5e33b4be37a27d4a0bf95ff94554f46f12b40
                                                                                                                                                                                            • Opcode Fuzzy Hash: 399b7a485d091a66600d6952dbfa20f3ceafde20b4a6854d3a2a6daddf43b3a4
                                                                                                                                                                                            • Instruction Fuzzy Hash: EBD05E7130820F0A5A1C65BD6516A2E72C88E447B9328A53F7527E66C0ED22EC02816A
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: H_prolog3_catchmemcpy
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1910038392-0
                                                                                                                                                                                            • Opcode ID: e6614dd22a8a921795e529f092d19f91075cbe8f8c2ea176739effb5e6f2436c
                                                                                                                                                                                            • Instruction ID: 062104b56ccfbb8c21fd464080d6e1a722162ccc06a9812a08e89552f618fca4
                                                                                                                                                                                            • Opcode Fuzzy Hash: e6614dd22a8a921795e529f092d19f91075cbe8f8c2ea176739effb5e6f2436c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 70210B71A042099BDB24DF58C981BADB7B5FB40318F18523DD5627B3C1C772A9478792
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: memsetvsprintf_s
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3742729749-0
                                                                                                                                                                                            • Opcode ID: 463633f5309837c849de8a988b64d28da70148ffb5dfe8cdbf0915c6daa0b25d
                                                                                                                                                                                            • Instruction ID: 6335bbad75b302b8dd19648c53e3acfdefff5ead4b2c7eb958710b2dc69435ad
                                                                                                                                                                                            • Opcode Fuzzy Hash: 463633f5309837c849de8a988b64d28da70148ffb5dfe8cdbf0915c6daa0b25d
                                                                                                                                                                                            • Instruction Fuzzy Hash: E401817290015DABCB11EF95DD45EDFB3FCEB48315F00049AB608E7100DA71AA868BA4
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 550 ed5df7-ed5e04 call ecebcd 552 ed5e09-ed5e2b memmove 550->552 553 ed5e2d-ed5e35 ??3@YAXPAX@Z 552->553 554 ed5e36-ed5e4b 552->554 553->554
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ??3@memmove
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1783365933-0
                                                                                                                                                                                            • Opcode ID: 24ca6025a1f342bb383ffe3f0f9ed6cc1ae4d205b40c3a7c431a125733af4fd1
                                                                                                                                                                                            • Instruction ID: 1a41bec9368714334f9fd56fcbdc6afe815852d8bf65e288443899849b40f119
                                                                                                                                                                                            • Opcode Fuzzy Hash: 24ca6025a1f342bb383ffe3f0f9ed6cc1ae4d205b40c3a7c431a125733af4fd1
                                                                                                                                                                                            • Instruction Fuzzy Hash: C7F04F76001608EFC7319F29D884D97FBF9EF85360724862EF99583254D731AA50CB90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 555 edca2b-edca30 556 edca3f-edca4b malloc 555->556 557 edca4d-edca4e 556->557 558 edca32-edca3d _callnewh 556->558 558->556 559 edca4f 558->559 559->559
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _callnewhmalloc
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2285944120-0
                                                                                                                                                                                            • Opcode ID: ae7468f75dd4af12f456c1c96efcf1a4172b1eb8f26e1ab577601ad2c8885f37
                                                                                                                                                                                            • Instruction ID: f3abd6e0c79397dc0cc739c1303b93b632d4715bb60084cc5fb13850847a7995
                                                                                                                                                                                            • Opcode Fuzzy Hash: ae7468f75dd4af12f456c1c96efcf1a4172b1eb8f26e1ab577601ad2c8885f37
                                                                                                                                                                                            • Instruction Fuzzy Hash: 59D0A93100C10FEA8F20AA9AEC244AA3B5DEB803E07342027F80EB9661DF21CC63D440
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 564 ecebcd-ecebd9 565 ecebdb-ecebe0 564->565 566 ecebf2-ecebf5 564->566 567 ecebf8-ecebfd call edcbe6 565->567 568 ecebe2-ecebe6 call edca2b 565->568 571 ecebeb-ecebf0 568->571 571->566 571->567
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • std::tr1::_Xmem.LIBCPMT ref: 00ECEBF8
                                                                                                                                                                                              • Part of subcall function 00EDCA2B: malloc.MSVCRT ref: 00EDCA42
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Xmemmallocstd::tr1::_
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 257571584-0
                                                                                                                                                                                            • Opcode ID: f0ad478dba8e2f6475ea0f60988791a944f8e226c44f4ae9953444f3b242845a
                                                                                                                                                                                            • Instruction ID: 72cc8e6406463c17c178f3fa0e28b8e184a4bced923e28b7b74fed52209bea46
                                                                                                                                                                                            • Opcode Fuzzy Hash: f0ad478dba8e2f6475ea0f60988791a944f8e226c44f4ae9953444f3b242845a
                                                                                                                                                                                            • Instruction Fuzzy Hash: BFD05E7520822B076F3C61AD5516D3E72C8CA847B4364652F7527E6780DC22DC038119
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • ERROR: group %u is out of range, xrefs: 00ECD70E
                                                                                                                                                                                            • ERROR: core %u is out of range, xrefs: 00ECD740, 00ECD7A9
                                                                                                                                                                                            • ERROR: syntax error parsing affinity at highlighted character-%s, xrefs: 00ECD769
                                                                                                                                                                                            • ERROR: incomplete affinity specification, xrefs: 00ECD7C7
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: fprintf
                                                                                                                                                                                            • String ID: ERROR: core %u is out of range$ERROR: group %u is out of range$ERROR: incomplete affinity specification$ERROR: syntax error parsing affinity at highlighted character-%s
                                                                                                                                                                                            • API String ID: 383729395-1019511092
                                                                                                                                                                                            • Opcode ID: 19a63da11f321b8259c951f0506f386a518b617c2b7dd26def77f01a07782a0b
                                                                                                                                                                                            • Instruction ID: 3f48a4601f7038f28ebd284c7e9639edf78aa89503e78d7b0df7f81400d2235e
                                                                                                                                                                                            • Opcode Fuzzy Hash: 19a63da11f321b8259c951f0506f386a518b617c2b7dd26def77f01a07782a0b
                                                                                                                                                                                            • Instruction Fuzzy Hash: E2412B3294D354AEEB205A64AE5EFEE6B688F02714F18703FEC5877283D673084BC641
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?), ref: 00ED10AB
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED10B8
                                                                                                                                                                                            • DeviceIoControl.KERNEL32(?,00070000,00000000,00000000,00000001,00000018,?,?), ref: 00ED10ED
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED10F9
                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00ED110B
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED1115
                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00ED1138
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • ERROR: Could not obtain drive geometry (error code: %u), xrefs: 00ED1129
                                                                                                                                                                                            • ERROR: Failed while waiting for event to be signaled (error code: %u), xrefs: 00ED111C
                                                                                                                                                                                            • ERROR: Failed to create event (error code: %u), xrefs: 00ED10BF
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLast$CloseControlCreateDeviceEventHandleObjectSingleWait
                                                                                                                                                                                            • String ID: ERROR: Could not obtain drive geometry (error code: %u)$ERROR: Failed to create event (error code: %u)$ERROR: Failed while waiting for event to be signaled (error code: %u)
                                                                                                                                                                                            • API String ID: 3935222316-3021154126
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00EDD4CE
                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 00EDD4DD
                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00EDD4E6
                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00EDD4EF
                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 00EDD504
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1445889803-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00EDD735,00EC1E98), ref: 00EDD601
                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(00EDD735,?,00EDD735,00EC1E98), ref: 00EDD60A
                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(C0000409,?,00EDD735,00EC1E98), ref: 00EDD615
                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00EDD735,00EC1E98), ref: 00EDD61C
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CurrentTerminate
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3231755760-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • -? display usage information, xrefs: 00ECCF3F
                                                                                                                                                                                            • -ag#,#[,#,...]> advanced CPU affinity - affinitize threads round-robin to the CPUs provided. The g# notation, xrefs: 00ECCF6E
                                                                                                                                                                                            • Examples:, xrefs: 00ECD454
                                                                                                                                                                                            • (ignored if -r is specified, makes sense only with -o2 or greater), xrefs: 00ECD169
                                                                                                                                                                                            • absence of this switch indicates 100%% reads, xrefs: 00ECD2BB
                                                                                                                                                                                            • -Sh equivalent -Suw, xrefs: 00ECD239
                                                                                                                                                                                            • -D<milliseconds> Capture IOPs statistics in intervals of <milliseconds>; these are per-thread, xrefs: 00ECD017
                                                                                                                                                                                            • completed I/O operations, counted separately by each thread , xrefs: 00ECD183
                                                                                                                                                                                            • -n disable default affinity (-a), xrefs: 00ECD128
                                                                                                                                                                                            • for example to test only the first sectors of a disk, xrefs: 00ECD058
                                                                                                                                                                                            • version %s (%s), xrefs: 00ECCEEF
                                                                                                                                                                                            • -R<text|xml> output format. Default is text., xrefs: 00ECD19D
                                                                                                                                                                                            • -d<seconds> duration (in seconds) to run test [default=10s], xrefs: 00ECD03E
                                                                                                                                                                                            • to CPUs 0 and 1 (each file will have threads affinitized to both CPUs) and run read test, xrefs: 00ECD4BD
                                                                                                                                                                                            • as seen by the target will not be truly sequential. Under -si the threads, xrefs: 00ECD1D1
                                                                                                                                                                                            • lasting 10 seconds:, xrefs: 00ECD4C8
                                                                                                                                                                                            • access read test lasting 10 seconds:, xrefs: 00ECD499
                                                                                                                                                                                            • -ag0,0,1,2 -ag1,0,1,2 is equivalent., xrefs: 00ECCFBC
                                                                                                                                                                                            • Write buffers:, xrefs: 00ECD310
                                                                                                                                                                                            • -F<count> total number of threads (conflicts with -t), xrefs: 00ECD0A6
                                                                                                                                                                                            • note that this can not be specified when using completion routines, xrefs: 00ECD0C0
                                                                                                                                                                                            • file_path, xrefs: 00ECCF0C
                                                                                                                                                                                            • r : the FILE_FLAG_RANDOM_ACCESS hint, xrefs: 00ECD072
                                                                                                                                                                                            • -i<count> number of IOs per burst; see -j [default: inactive], xrefs: 00ECD0E7
                                                                                                                                                                                            • Available options:, xrefs: 00ECCF34
                                                                                                                                                                                            • -Z<size>[K|M|G|b] use a <size> buffer filled with random data as a source for write operations., xrefs: 00ECD326
                                                                                                                                                                                            • 2016/5/01, xrefs: 00ECCEE5
                                                                                                                                                                                            • (creates a notification event if <eventname> does not exist), xrefs: 00ECD36B, 00ECD370, 00ECD382, 00ECD394, 00ECD3A9
                                                                                                                                                                                            • I/O operations per thread, disable all caching mechanisms and run block-aligned random, xrefs: 00ECD48E
                                                                                                                                                                                            • -Sb enable caching (default, explicitly stated), xrefs: 00ECD22C
                                                                                                                                                                                            • (offset from the beginning of the file), xrefs: 00ECCFE3
                                                                                                                                                                                            • 2.0.17a, xrefs: 00ECCEEA
                                                                                                                                                                                            • -Su disable software caching, equivalent to FILE_FLAG_NO_BUFFERING, xrefs: 00ECD246
                                                                                                                                                                                            • -eIMAGE_LOAD image load, xrefs: 00ECD404
                                                                                                                                                                                            • [default: none], xrefs: 00ECD099
                                                                                                                                                                                            • -Sw enable writethrough (no hardware write caching), equivalent to FILE_FLAG_WRITE_THROUGH, xrefs: 00ECD260
                                                                                                                                                                                            • Usage: %s [options] target1 [ target2 [ target3 ...] ], xrefs: 00ECCEDA
                                                                                                                                                                                            • makes sense only with #threads > 1, xrefs: 00ECD294
                                                                                                                                                                                            • -eTHREAD thread start & end, xrefs: 00ECD3F9
                                                                                                                                                                                            • -yp<eventname> stops the run when event <eventname> is set; CTRL+C is bound to this event, xrefs: 00ECD39E
                                                                                                                                                                                            • %s -c8192K -d1 testfile.dat, xrefs: 00ECD471
                                                                                                                                                                                            • Create two 1GB files, set block size to 4KB, create 2 threads per file, affinitize threads, xrefs: 00ECD4B2
                                                                                                                                                                                            • -l Use large pages for IO buffers, xrefs: 00ECD10E
                                                                                                                                                                                            • Set block size to 4KB, create 2 threads per file, 32 overlapped (outstanding), xrefs: 00ECD483
                                                                                                                                                                                            • %s -b4K -t2 -r -o32 -d10 -h testfile.dat, xrefs: 00ECD4A7
                                                                                                                                                                                            • -I<priority> Set IO priority to <priority>. Available values are: 1-very low, 2-low, 3-normal (default), xrefs: 00ECD101
                                                                                                                                                                                            • -P<count> enable printing a progress dot after each <count> [default=65536], xrefs: 00ECD176
                                                                                                                                                                                            • -T<offs>[K|M|G|b] starting stride between I/O operations performed on the same target by different threads, xrefs: 00ECD27A
                                                                                                                                                                                            • [default; use -n to disable default affinity], xrefs: 00ECCF63
                                                                                                                                                                                            • [default = q, query perf timer (qpc)], xrefs: 00ECD3D8
                                                                                                                                                                                            • -ag0,0,1,2,g1,0,1,2 specifies the first three cores in groups 0 and 1., xrefs: 00ECCFAF
                                                                                                                                                                                            • [default=0] (starting offset = base file offset + (thread number * <offs>), xrefs: 00ECD287
                                                                                                                                                                                            • Event Tracing:, xrefs: 00ECD3C2
                                                                                                                                                                                            • -C<seconds> cool down time - duration of the test after measurements finished [default=0s]., xrefs: 00ECD00A
                                                                                                                                                                                            • [default=2], xrefs: 00ECD14F
                                                                                                                                                                                            • -z[seed] set random seed [with no -z, seed=0; with plain -z, seed is based on system run time], xrefs: 00ECD2FC
                                                                                                                                                                                            • -c<size>[K|M|G|b] create files of the given size., xrefs: 00ECCFF0
                                                                                                                                                                                            • Size can be stated in bytes or KiB/MiB/GiB/blocks, xrefs: 00ECCFFD
                                                                                                                                                                                            • -S[bhruw] control caching behavior [default: caching is enabled, no writethrough], xrefs: 00ECD205
                                                                                                                                                                                            • per-target: text output provides IOPs standard deviation, XML provides the full, xrefs: 00ECD024
                                                                                                                                                                                            • specifies Processor Groups for the following CPU core #s. Multiple Processor Groups, xrefs: 00ECCF7B
                                                                                                                                                                                            • -x use completion routines instead of I/O Completion Ports, xrefs: 00ECD2E2
                                                                                                                                                                                            • -Z zero buffers used for write tests, xrefs: 00ECD31B
                                                                                                                                                                                            • %s -c1G -b4K -t2 -d10 -a0,1 testfile1.dat testfile2.dat, xrefs: 00ECD4D6
                                                                                                                                                                                            • -B<offs>[K|M|G|b] base target offset in bytes or KiB/MiB/GiB/blocks [default=0], xrefs: 00ECCFD6
                                                                                                                                                                                            • -j<milliseconds> interval in <milliseconds> between issuing IO bursts; see -i [default: inactive], xrefs: 00ECD0F4
                                                                                                                                                                                            • #<physical drive number>, xrefs: 00ECCF17
                                                                                                                                                                                            • -ye<eventname> sets event <eventname> and quits, xrefs: 00ECD3B0
                                                                                                                                                                                            • -ys<eventname> signals event <eventname> before starting the actual run (no warmup), xrefs: 00ECD360
                                                                                                                                                                                            • In non-interlocked mode, threads do not coordinate, so the pattern of offsets, xrefs: 00ECD1C4
                                                                                                                                                                                            • -eMEMORY_HARD_FAULTS hard faults only, xrefs: 00ECD425
                                                                                                                                                                                            • [default access=non-interlocked sequential, default stride=block size], xrefs: 00ECD1B7
                                                                                                                                                                                            • IOPs time series in addition. [default=1000, 1 second]., xrefs: 00ECD031
                                                                                                                                                                                            • -eNETWORK TCP/IP, UDP/IP send & receive, xrefs: 00ECD430
                                                                                                                                                                                            • -f<rst> open file with one or more additional access hints, xrefs: 00ECD065
                                                                                                                                                                                            • -X<filepath> use an XML file for configuring the workload. Cannot be used with other parameters., xrefs: 00ECD2EF
                                                                                                                                                                                            • -g<bytes per ms> throughput per-thread per-target throttled to given bytes per millisecond, xrefs: 00ECD0B3
                                                                                                                                                                                            • [default inactive], xrefs: 00ECD0CD
                                                                                                                                                                                            • Group 0 is filled before Group 1, and so forth., xrefs: 00ECCF55
                                                                                                                                                                                            • -w<percentage> percentage of write requests (-w and -w0 are equivalent and result in a read-only workload)., xrefs: 00ECD2AE
                                                                                                                                                                                            • <partition_drive_letter>:, xrefs: 00ECCF22
                                                                                                                                                                                            • -L measure latency statistics, xrefs: 00ECD11B
                                                                                                                                                                                            • -p start parallel sequential I/O operations with the same offset, xrefs: 00ECD15C
                                                                                                                                                                                            • -r<align>[K|M|G|b] random I/O aligned to <align> in bytes/KiB/MiB/GiB/blocks (overrides -s), xrefs: 00ECD190
                                                                                                                                                                                            • -ag group affinity - affinitize threads round-robin to cores in Processor Groups 0 - n., xrefs: 00ECCF4A
                                                                                                                                                                                            • t : the FILE_ATTRIBUTE_TEMPORARY hint, xrefs: 00ECD08C
                                                                                                                                                                                            • By default, the write buffers are filled with a repeating pattern (0, 1, 2, ..., 255, 0, 1, ...), xrefs: 00ECD343
                                                                                                                                                                                            • may be specified, and groups/cores may be repeated. If no group is specified, 0 is assumed., xrefs: 00ECCF88
                                                                                                                                                                                            • s : the FILE_FLAG_SEQUENTIAL_SCAN hint, xrefs: 00ECD07F
                                                                                                                                                                                            • -ep use paged memory for the NT Kernel Logger [default=non-paged memory], xrefs: 00ECD3E3
                                                                                                                                                                                            • -eMEMORY_PAGE_FAULTS all page faults, xrefs: 00ECD41A
                                                                                                                                                                                            • non-conflicting flags may be combined in any order; ex: -Sbw, -Suw, -Swu, xrefs: 00ECD212
                                                                                                                                                                                            • Examples: -a0,1,2 and -ag0,0,1,2 are equivalent., xrefs: 00ECCFA2
                                                                                                                                                                                            • -h deprecated, see -Sh, xrefs: 00ECD0DA
                                                                                                                                                                                            • IMPORTANT: a write test will destroy existing data without a warning, xrefs: 00ECD2C8
                                                                                                                                                                                            • -W<seconds> warm up time - duration of the test before measurements start [default=5s], xrefs: 00ECD2D5
                                                                                                                                                                                            • -yr<eventname> waits on event <eventname> before starting the run (including warmup), xrefs: 00ECD389
                                                                                                                                                                                            • -eREGISTRY registry calls, xrefs: 00ECD43B
                                                                                                                                                                                            • Additional groups/processors may be added, comma separated, or on separate parameters., xrefs: 00ECCF95
                                                                                                                                                                                            • -v verbose mode, xrefs: 00ECD2A1
                                                                                                                                                                                            • -b<size>[K|M|G] block size in bytes or KiB/MiB/GiB [default=64K], xrefs: 00ECCFC9
                                                                                                                                                                                            • -Z<size>[K|M|G|b],<file> use a <size> buffer filled with data from <file> as a source for write operations., xrefs: 00ECD331
                                                                                                                                                                                            • Available targets:, xrefs: 00ECCF01
                                                                                                                                                                                            • -s[i]<size>[K|M|G|b] sequential stride size, offset between subsequent I/O operations, xrefs: 00ECD1AA
                                                                                                                                                                                            • -f<size>[K|M|G|b] target size - use only the first <size> bytes or KiB/MiB/GiB/blocks of the file/disk/partition,, xrefs: 00ECD04B
                                                                                                                                                                                            • -Sr disable local caching, with remote sw caching enabled; only valid for remote filesystems, xrefs: 00ECD253
                                                                                                                                                                                            • but promotes a more sequential pattern., xrefs: 00ECD1EB
                                                                                                                                                                                            • -yf<eventname> signals event <eventname> after the actual run finishes (no cooldown), xrefs: 00ECD377
                                                                                                                                                                                            • -S equivalent to -Su, xrefs: 00ECD21F
                                                                                                                                                                                            • -o<count> number of outstanding I/O requests per target per thread, xrefs: 00ECD135
                                                                                                                                                                                            • (ignored if -r specified, -si conflicts with -T and -p), xrefs: 00ECD1F8
                                                                                                                                                                                            • -eDISK_IO physical disk IO, xrefs: 00ECD40F
                                                                                                                                                                                            • Synchronization:, xrefs: 00ECD355
                                                                                                                                                                                            • manipulate a shared offset with InterlockedIncrement, which may reduce throughput,, xrefs: 00ECD1DE
                                                                                                                                                                                            • Create 8192KB file and run read test on it for 1 second:, xrefs: 00ECD461
                                                                                                                                                                                            • -ePROCESS process start & end, xrefs: 00ECD3EE
                                                                                                                                                                                            • (1=synchronous I/O, unless more than 1 thread is specified with -F), xrefs: 00ECD142
                                                                                                                                                                                            • -e<q|c|s> Use query perf timer (qpc), cycle count, or system timer respectively., xrefs: 00ECD3CD
                                                                                                                                                                                            • -t<count> number of threads per target (conflicts with -F), xrefs: 00ECD26D
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: printf
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • ERROR: -si conflicts with -r, xrefs: 00ECBE3C
                                                                                                                                                                                            • ERROR: affinity assignment to group %u core %u not possible; core is not active (current mask 0x%Ix), xrefs: 00ECBCFF
                                                                                                                                                                                            • WARNING: Complete CPU utilization cannot currently be gathered within DISKSPD for this system. Use alternate mechanisms to gather this data such as perfmon/logman. Active KGroups %u > 1 and/or processor count %u > 64., xrefs: 00ECBBC5
                                                                                                                                                                                            • ERROR: custom write buffer (-Z) is smaller than the block size. Write buffer size: %I64u block size: %u, xrefs: 00ECBF68
                                                                                                                                                                                            • ERROR: -si conflicts with -T, xrefs: 00ECBEBB
                                                                                                                                                                                            • WARNING: -z is ignored if -r is not provided, xrefs: 00ECBE93
                                                                                                                                                                                            • ERROR: need to specify -j<think time> with -i<burst size>, xrefs: 00ECBDEE
                                                                                                                                                                                            • ERROR: no timespans specified, xrefs: 00ECBBFB
                                                                                                                                                                                            • ERROR: -T conflicts with -r, xrefs: 00ECBE1B
                                                                                                                                                                                            • WARNING: -p does not have effect unless outstanding I/O count (-o) is > 1, xrefs: 00ECBE77
                                                                                                                                                                                            • ERROR: -g throughput control cannot be used with -x completion routines, xrefs: 00ECBDBD
                                                                                                                                                                                            • ERROR: -T has no effect unless multiple threads per target are used, xrefs: 00ECBF2F
                                                                                                                                                                                            • ERROR: -p conflicts with -r, xrefs: 00ECBE61
                                                                                                                                                                                            • ERROR: -F and -t parameters cannot be used together, xrefs: 00ECBD96
                                                                                                                                                                                            • ERROR: affinity assignment to group %u core %u not possible; group only has %u cores, xrefs: 00ECBCAA
                                                                                                                                                                                            • ERROR: -n and -a parameters cannot be used together, xrefs: 00ECBD3C
                                                                                                                                                                                            • WARNING: single-threaded test, -si ignored, xrefs: 00ECBEFE
                                                                                                                                                                                            • ERROR: affinity assignment to group %u; system only has %u groups, xrefs: 00ECBC5C
                                                                                                                                                                                            • ERROR: -si conflicts with -p, xrefs: 00ECBEDC
                                                                                                                                                                                            • WARNING: target access pattern will not be sequential, consider -si, xrefs: 00ECBF23
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: fprintf$__iob_func
                                                                                                                                                                                            • String ID: ERROR: -F and -t parameters cannot be used together$ERROR: -T conflicts with -r$ERROR: -T has no effect unless multiple threads per target are used$ERROR: -g throughput control cannot be used with -x completion routines$ERROR: -n and -a parameters cannot be used together$ERROR: -p conflicts with -r$ERROR: -si conflicts with -T$ERROR: -si conflicts with -p$ERROR: -si conflicts with -r$ERROR: affinity assignment to group %u core %u not possible; core is not active (current mask 0x%Ix)$ERROR: affinity assignment to group %u core %u not possible; group only has %u cores$ERROR: affinity assignment to group %u; system only has %u groups$ERROR: custom write buffer (-Z) is smaller than the block size. Write buffer size: %I64u block size: %u$ERROR: need to specify -j<think time> with -i<burst size>$ERROR: no timespans specified$WARNING: -p does not have effect unless outstanding I/O count (-o) is > 1$WARNING: -z is ignored if -r is not provided$WARNING: Complete CPU utilization cannot currently be gathered within DISKSPD for this system. Use alternate mechanisms to gather this data such as perfmon/logman. Active KGroups %u > 1 and/or processor count %u > 64.$WARNING: single-threaded test, -si ignored$WARNING: target access pattern will not be sequential, consider -si
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • sprintf_s.MSVCRT ref: 00ECB8BC
                                                                                                                                                                                              • Part of subcall function 00ECB41D: sprintf_s.MSVCRT ref: 00ECB51C
                                                                                                                                                                                              • Part of subcall function 00ECB41D: sprintf_s.MSVCRT ref: 00ECB550
                                                                                                                                                                                              • Part of subcall function 00ECA1B9: memcpy.MSVCRT ref: 00ECA1DB
                                                                                                                                                                                              • Part of subcall function 00ECA1B9: ??3@YAXPAX@Z.MSVCRT ref: 00ECA1E4
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: sprintf_s$??3@memcpy
                                                                                                                                                                                            • String ID: </Profile>$</TimeSpans>$<DiskIO>false</DiskIO>$<DiskIO>true</DiskIO>$<ImageLoad>false</ImageLoad>$<ImageLoad>true</ImageLoad>$<MemoryHardFaults>false</MemoryHardFaults>$<MemoryHardFaults>true</MemoryHardFaults>$<MemoryPageFaults>false</MemoryPageFaults>$<MemoryPageFaults>true</MemoryPageFaults>$<Network>false</Network>$<Network>true</Network>$<PrecreateFiles>CreateOnlyFilesWithConstantOrZeroSizes</PrecreateFiles>$<PrecreateFiles>CreateOnlyFilesWithConstantSizes</PrecreateFiles>$<PrecreateFiles>UseMaxSize</PrecreateFiles>$<Process>false</Process>$<Process>true</Process>$<Profile>$<Progress>%u</Progress>$<Registry>false</Registry>$<Registry>true</Registry>$<ResultFormat>* UNSUPPORTED *</ResultFormat>$<ResultFormat>text</ResultFormat>$<ResultFormat>xml</ResultFormat>$<Thread>false</Thread>$<Thread>true</Thread>$<TimeSpans>$<UseCyclesCounter>false</UseCyclesCounter>$<UseCyclesCounter>true</UseCyclesCounter>$<UsePagedMemory>false</UsePagedMemory>$<UsePagedMemory>true</UsePagedMemory>$<UsePerfTimer>false</UsePerfTimer>$<UsePerfTimer>true</UsePerfTimer>$<UseSystemTimer>false</UseSystemTimer>$<UseSystemTimer>true</UseSystemTimer>$<Verbose>false</Verbose>$<Verbose>true</Verbose>
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: sprintf_s
                                                                                                                                                                                            • String ID: </Affinity>$</Targets>$</TimeSpan>$<Affinity>$<AffinityGroupAssignment Group="%u" Processor="%u"/>$<CalculateIopsStdDev>false</CalculateIopsStdDev>$<CalculateIopsStdDev>true</CalculateIopsStdDev>$<CompletionRoutines>false</CompletionRoutines>$<CompletionRoutines>true</CompletionRoutines>$<Cooldown>%u</Cooldown>$<DisableAffinity>false</DisableAffinity>$<DisableAffinity>true</DisableAffinity>$<Duration>%u</Duration>$<IoBucketDuration>%u</IoBucketDuration>$<MeasureLatency>false</MeasureLatency>$<MeasureLatency>true</MeasureLatency>$<RandSeed>%u</RandSeed>$<Targets>$<ThreadCount>%u</ThreadCount>$<TimeSpan>$<Warmup>%u</Warmup>
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00ED0004
                                                                                                                                                                                              • Part of subcall function 00ED086D: __EH_prolog3_GS.LIBCMT ref: 00ED0877
                                                                                                                                                                                              • Part of subcall function 00ED086D: memset.MSVCRT ref: 00ED090E
                                                                                                                                                                                              • Part of subcall function 00ED086D: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000103,00000000,00000000), ref: 00ED0949
                                                                                                                                                                                              • Part of subcall function 00ED086D: SysFreeString.OLEAUT32(?), ref: 00ED097D
                                                                                                                                                                                              • Part of subcall function 00ED086D: VariantClear.OLEAUT32(?), ref: 00ED098A
                                                                                                                                                                                              • Part of subcall function 00ED06E9: __EH_prolog3_GS.LIBCMT ref: 00ED06F0
                                                                                                                                                                                              • Part of subcall function 00ED06E9: _wtoi.MSVCRT ref: 00ED075A
                                                                                                                                                                                              • Part of subcall function 00ED06E9: SysFreeString.OLEAUT32(?), ref: 00ED0769
                                                                                                                                                                                              • Part of subcall function 00ED06E9: VariantClear.OLEAUT32(?), ref: 00ED0773
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: H_prolog3_$ClearFreeStringVariant$ByteCharMultiWide_wtoimemset
                                                                                                                                                                                            • String ID: BaseFileOffset$BlockSize$BurstSize$DisableAllCache$DisableLocalCache$DisableOSCache$FileSize$IOPriority$InterlockedSequential$MaxFileSize$ParallelAsyncIO$Path$Random$RandomAccess$RequestCount$SequentialScan$StrideSize$TemporaryFile$ThinkTime$ThreadStride$ThreadsPerFile$Throughput$UseLargePages$WriteRatio$WriteThrough
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ??3@$Xmemstd::tr1::_$mallocmemmove
                                                                                                                                                                                            • String ID: `f-$`f-$`f-$f-$f-
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ED1C76
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • Thread %u failed executing an I/O operation (error code: %u), xrefs: 00ED1B8D
                                                                                                                                                                                            • t[%u:%u] new I/O op at %I64u (starting in block: %I64u), xrefs: 00ED1C90
                                                                                                                                                                                            • read, xrefs: 00ED1D71, 00ED1D84
                                                                                                                                                                                            • t[%u:%u] error during %s error code: %u), xrefs: 00ED1D8C
                                                                                                                                                                                            • Warning: thread %u transferred %u bytes instead of %u bytes, xrefs: 00ED1BDF
                                                                                                                                                                                            • write, xrefs: 00ED1D78
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
• Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
• Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                            • String ID: Thread %u failed executing an I/O operation (error code: %u)$Warning: thread %u transferred %u bytes instead of %u bytes$read$t[%u:%u] error during %s error code: %u)$t[%u:%u] new I/O op at %I64u (starting in block: %I64u)$write
                                                                                                                                                                                            • API String ID: 885266447-1044934336
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000,?,?), ref: 00ED0FD6
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED0FE3
                                                                                                                                                                                            • DeviceIoControl.KERNEL32(?,00074004,00000000,00000000,?,00000020,?,00000003), ref: 00ED1015
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED1021
                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00ED1033
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED103D
                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00ED1060
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • ERROR: Could not obtain partition info (error code: %u), xrefs: 00ED1051
                                                                                                                                                                                            • ERROR: Failed while waiting for event to be signaled (error code: %u), xrefs: 00ED1044
                                                                                                                                                                                            • ERROR: Failed to create event (error code: %u), xrefs: 00ED0FEA
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLast$CloseControlCreateDeviceEventHandleObjectSingleWait
                                                                                                                                                                                            • String ID: ERROR: Could not obtain partition info (error code: %u)$ERROR: Failed to create event (error code: %u)$ERROR: Failed while waiting for event to be signaled (error code: %u)
                                                                                                                                                                                            • API String ID: 3935222316-1037057180
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00ED0583
                                                                                                                                                                                              • Part of subcall function 00ECF15E: __EH_prolog3_GS.LIBCMT ref: 00ECF165
                                                                                                                                                                                              • Part of subcall function 00ECF15E: VariantClear.OLEAUT32 ref: 00ECF17A
                                                                                                                                                                                              • Part of subcall function 00ECF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF215
                                                                                                                                                                                              • Part of subcall function 00ECF15E: SysAllocString.OLEAUT32(00000000), ref: 00ECF228
                                                                                                                                                                                              • Part of subcall function 00ECF15E: free.MSVCRT(00000000,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF257
                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00ED06CC
                                                                                                                                                                                              • Part of subcall function 00ED0790: __EH_prolog3_GS.LIBCMT ref: 00ED0797
                                                                                                                                                                                              • Part of subcall function 00ED0790: _wtoi.MSVCRT ref: 00ED081D
                                                                                                                                                                                              • Part of subcall function 00ED0790: SysFreeString.OLEAUT32(?), ref: 00ED082C
                                                                                                                                                                                              • Part of subcall function 00ED0790: SysFreeString.OLEAUT32(?), ref: 00ED083D
                                                                                                                                                                                            • fprintf.MSVCRT ref: 00ED066A
                                                                                                                                                                                            • fprintf.MSVCRT ref: 00ED0692
                                                                                                                                                                                              • Part of subcall function 00EDD7CD: __iob_func.MSVCRT ref: 00EDD7D2
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • Processor, xrefs: 00ED0643
                                                                                                                                                                                            • Affinity/AffinityGroupAssignment, xrefs: 00ED0592
                                                                                                                                                                                            • ERROR: profile specifies group assignment to core %u, out of range, xrefs: 00ED065C
                                                                                                                                                                                            • Group, xrefs: 00ED0629
                                                                                                                                                                                            • ERROR: profile specifies group assignment group %u, out of range, xrefs: 00ED0684
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: H_prolog3_String$ClearFreeVariantfprintf$AllocByteCharMultiWide__iob_func_wtoifree
                                                                                                                                                                                            • String ID: Affinity/AffinityGroupAssignment$ERROR: profile specifies group assignment group %u, out of range$ERROR: profile specifies group assignment to core %u, out of range$Group$Processor
                                                                                                                                                                                            • API String ID: 1108869389-696485494
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ReadFileEx.KERNEL32(00000010,00000000,00000004,?,00ED1B60,000000B8,00000000,?), ref: 00ED1E66
                                                                                                                                                                                            • WriteFileEx.KERNEL32(00000010,00000000,?,00000000,00000004,?,00ED1B60,000000B8,00000000,?), ref: 00ED1E92
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED1EEE
                                                                                                                                                                                            • WaitForSingleObjectEx.KERNEL32(?,000000FF,00000001,000000B8,00000000,?), ref: 00ED1F20
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$ErrorLastObjectReadSingleWaitWrite
                                                                                                                                                                                            • String ID: Error in thread %u during WaitForSingleObjectEx (in completion routines)$read$t[%u:%u] error during %s error code: %u)$write
                                                                                                                                                                                            • API String ID: 781436170-3983133461
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00ECFE84
                                                                                                                                                                                              • Part of subcall function 00ECF15E: __EH_prolog3_GS.LIBCMT ref: 00ECF165
                                                                                                                                                                                              • Part of subcall function 00ECF15E: VariantClear.OLEAUT32 ref: 00ECF17A
                                                                                                                                                                                              • Part of subcall function 00ECF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF215
                                                                                                                                                                                              • Part of subcall function 00ECF15E: SysAllocString.OLEAUT32(00000000), ref: 00ECF228
                                                                                                                                                                                              • Part of subcall function 00ECF15E: free.MSVCRT(00000000,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF257
                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00ECFFE0
                                                                                                                                                                                              • Part of subcall function 00ED086D: __EH_prolog3_GS.LIBCMT ref: 00ED0877
                                                                                                                                                                                              • Part of subcall function 00ED086D: memset.MSVCRT ref: 00ED090E
                                                                                                                                                                                              • Part of subcall function 00ED086D: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000103,00000000,00000000), ref: 00ED0949
                                                                                                                                                                                              • Part of subcall function 00ED086D: SysFreeString.OLEAUT32(?), ref: 00ED097D
                                                                                                                                                                                              • Part of subcall function 00ED086D: VariantClear.OLEAUT32(?), ref: 00ED098A
                                                                                                                                                                                              • Part of subcall function 00ECC383: memcmp.MSVCRT ref: 00ECC3AF
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ClearH_prolog3_Variant$ByteCharMultiStringWide$AllocFreefreememcmpmemset
                                                                                                                                                                                            • String ID: Pattern$WriteBufferContent$random$sequential$zero
                                                                                                                                                                                            • API String ID: 1455204710-842192564
                                                                                                                                                                                            • Opcode ID: ee9e3be3291ab6bb188235cb23bd8b48262f2f0ab87cbd19ae539f3cf6128be0
                                                                                                                                                                                            • Instruction ID: 588d67e5f855495bac5989f4ad32653242d7697989b5b6622b4a0fbb3447084f
                                                                                                                                                                                            • Opcode Fuzzy Hash: ee9e3be3291ab6bb188235cb23bd8b48262f2f0ab87cbd19ae539f3cf6128be0
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D417C31900259AFDB21EBA0D945FEE7BB9EF05320F15102DE901BB291DB726D46CBA0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • printf.MSVCRT ref: 00EC9DA0
                                                                                                                                                                                            • SetEvent.KERNEL32 ref: 00EC9DAD
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00EC9DB7
                                                                                                                                                                                              • Part of subcall function 00EDD7CD: __iob_func.MSVCRT ref: 00EDD7D2
                                                                                                                                                                                            • fprintf.MSVCRT ref: 00EC9DCC
                                                                                                                                                                                            • SetConsoleCtrlHandler.KERNEL32(00EC9D90,00000000), ref: 00EC9DDC
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • Warning: Setting abort event failed (error code: %u), xrefs: 00EC9DBE
                                                                                                                                                                                            • *** Interrupted by Ctrl-C. Stopping I/O Request Generator. ***, xrefs: 00EC9D9B
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleCtrlErrorEventHandlerLast__iob_funcfprintfprintf
                                                                                                                                                                                            • String ID: *** Interrupted by Ctrl-C. Stopping I/O Request Generator. ***$Warning: Setting abort event failed (error code: %u)
                                                                                                                                                                                            • API String ID: 2832824574-2030963000
                                                                                                                                                                                            • Opcode ID: 17f6c5570fd449c434937ad2b31c3452823bae372d594d284f535fb03dfad39d
                                                                                                                                                                                            • Instruction ID: 01df086062ed4707b88413857d5310d810f2d93b7094619b0262d74afcd84765
                                                                                                                                                                                            • Opcode Fuzzy Hash: 17f6c5570fd449c434937ad2b31c3452823bae372d594d284f535fb03dfad39d
                                                                                                                                                                                            • Instruction Fuzzy Hash: F9F03031644288AFD3102FB2BD4EF263A5DDB04715F50541DF616F80E3EBB2449A8521
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00ED834C: memset.MSVCRT ref: 00ED8379
                                                                                                                                                                                              • Part of subcall function 00ED834C: vsprintf_s.MSVCRT ref: 00ED838D
                                                                                                                                                                                            • sprintf_s.MSVCRT ref: 00ED8F18
                                                                                                                                                                                            • sprintf_s.MSVCRT ref: 00ED8FED
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • %4u| %6.2lf%%| %6.2lf%%| %6.2lf%%| %6.2lf%%, xrefs: 00ED8F0D
                                                                                                                                                                                            • -------------------------------------------, xrefs: 00ED8E50, 00ED8F90
                                                                                                                                                                                            • CPU | Usage | User | Kernel | Idle, xrefs: 00ED8E41
                                                                                                                                                                                            • avg.| %6.2lf%%| %6.2lf%%| %6.2lf%%| %6.2lf%%, xrefs: 00ED8FE2
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: sprintf_s$memsetvsprintf_s
                                                                                                                                                                                            • String ID: CPU | Usage | User | Kernel | Idle$%4u| %6.2lf%%| %6.2lf%%| %6.2lf%%| %6.2lf%%$-------------------------------------------$avg.| %6.2lf%%| %6.2lf%%| %6.2lf%%| %6.2lf%%
                                                                                                                                                                                            • API String ID: 1157834829-6584663
                                                                                                                                                                                            • Opcode ID: 600503043b9072b9e7d74341cd5df3e338512223ba8543eccaae77cb881be88d
                                                                                                                                                                                            • Instruction ID: 726c443ed5f9b25e1b6ea436712e457a8ffa98ae88b87ccb43487aeee0fbc685
                                                                                                                                                                                            • Opcode Fuzzy Hash: 600503043b9072b9e7d74341cd5df3e338512223ba8543eccaae77cb881be88d
                                                                                                                                                                                            • Instruction Fuzzy Hash: EC51BF71A08B45ABD3057F25D549A5ABBF8FF84380F205C8DF1C46116AEF328975CB86
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,?,?), ref: 00ED1273
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED1280
                                                                                                                                                                                            • DeviceIoControl.KERNEL32(00000000,000902B8,00000000,00000000,00000000,00000000,00000000,?), ref: 00ED1297
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED12A1
                                                                                                                                                                                            • GetOverlappedResult.KERNEL32(00000000,?,00000000,00000001), ref: 00ED12BC
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00ED12C6
                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00ED12DC
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLast$CloseControlCreateDeviceEventHandleOverlappedResult
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2847295715-0
                                                                                                                                                                                            • Opcode ID: 52bbbb723b224492f4b4af36fc6af0122e62a16ee71ad6adf29e0b3b1a11ba77
                                                                                                                                                                                            • Instruction ID: 1fae12627e604513f665a2ba198c08945b28a5fe403b4c59096da381779e246b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 52bbbb723b224492f4b4af36fc6af0122e62a16ee71ad6adf29e0b3b1a11ba77
                                                                                                                                                                                            • Instruction Fuzzy Hash: BD119171A00259BFD7209FA6DC88AEFBABDEB04355F001066FA05F62A0E6714E45D6E1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ??3@YAXPAX@Z.MSVCRT ref: 00ED5F4B
                                                                                                                                                                                            • std::tr1::_Xmem.LIBCPMT ref: 00ED5F70
                                                                                                                                                                                              • Part of subcall function 00EDCA2B: malloc.MSVCRT ref: 00EDCA42
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ??3@Xmemmallocstd::tr1::_
                                                                                                                                                                                            • String ID: `f-$`f-$f-$f-
                                                                                                                                                                                            • API String ID: 1885858825-2108201678
                                                                                                                                                                                            • Opcode ID: 0d1f77cdf7df4af71a09a11e2177cd1a9972c54cdc442af6aa5f0c8173e5a5e7
                                                                                                                                                                                            • Instruction ID: 1e10b3afa2b194841e1eb81a972adc3a1daaf6315fa1d37d5e37ed2016e0c21c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0d1f77cdf7df4af71a09a11e2177cd1a9972c54cdc442af6aa5f0c8173e5a5e7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 66012273604624AFCB18DFACC982A0ABBEDDF85720B14415BF804EF304DA70DD01CAA0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00ECF165
                                                                                                                                                                                            • VariantClear.OLEAUT32 ref: 00ECF17A
                                                                                                                                                                                            • malloc.MSVCRT ref: 00ECF1E8
                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF215
                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00ECF228
                                                                                                                                                                                            • free.MSVCRT(00000000,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF257
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AllocByteCharClearH_prolog3_MultiStringVariantWidefreemalloc
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1623262104-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • Invalid size specifier '%c'. Valid ones are: K - KB, M - MB, G - GB, B - block, xrefs: 00ECCCC1
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __aulldiv$fprintftoupper
                                                                                                                                                                                            • String ID: Invalid size specifier '%c'. Valid ones are: K - KB, M - MB, G - GB, B - block
                                                                                                                                                                                            • API String ID: 2363179844-1600532622
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00ECFD38
                                                                                                                                                                                              • Part of subcall function 00ECF15E: __EH_prolog3_GS.LIBCMT ref: 00ECF165
                                                                                                                                                                                              • Part of subcall function 00ECF15E: VariantClear.OLEAUT32 ref: 00ECF17A
                                                                                                                                                                                              • Part of subcall function 00ECF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF215
                                                                                                                                                                                              • Part of subcall function 00ECF15E: SysAllocString.OLEAUT32(00000000), ref: 00ECF228
                                                                                                                                                                                              • Part of subcall function 00ECF15E: free.MSVCRT(00000000,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF257
                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00ECFE60
                                                                                                                                                                                              • Part of subcall function 00ED09AA: __EH_prolog3_GS.LIBCMT ref: 00ED09B1
                                                                                                                                                                                              • Part of subcall function 00ED09AA: _wtoi64.MSVCRT ref: 00ED0A1B
                                                                                                                                                                                              • Part of subcall function 00ED09AA: SysFreeString.OLEAUT32(?), ref: 00ED0A2D
                                                                                                                                                                                              • Part of subcall function 00ED09AA: VariantClear.OLEAUT32(?), ref: 00ED0A37
                                                                                                                                                                                              • Part of subcall function 00ED086D: __EH_prolog3_GS.LIBCMT ref: 00ED0877
                                                                                                                                                                                              • Part of subcall function 00ED086D: memset.MSVCRT ref: 00ED090E
                                                                                                                                                                                              • Part of subcall function 00ED086D: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000103,00000000,00000000), ref: 00ED0949
                                                                                                                                                                                              • Part of subcall function 00ED086D: SysFreeString.OLEAUT32(?), ref: 00ED097D
                                                                                                                                                                                              • Part of subcall function 00ED086D: VariantClear.OLEAUT32(?), ref: 00ED098A
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ClearH_prolog3_Variant$String$ByteCharFreeMultiWide$Alloc_wtoi64freememset
                                                                                                                                                                                            • String ID: FilePath$RandomDataSource$SizeInBytes
                                                                                                                                                                                            • API String ID: 315616386-221587684
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00ED047C
                                                                                                                                                                                              • Part of subcall function 00ECF15E: __EH_prolog3_GS.LIBCMT ref: 00ECF165
                                                                                                                                                                                              • Part of subcall function 00ECF15E: VariantClear.OLEAUT32 ref: 00ECF17A
                                                                                                                                                                                              • Part of subcall function 00ECF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF215
                                                                                                                                                                                              • Part of subcall function 00ECF15E: SysAllocString.OLEAUT32(00000000), ref: 00ECF228
                                                                                                                                                                                              • Part of subcall function 00ECF15E: free.MSVCRT(00000000,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF257
                                                                                                                                                                                            • _wtoi.MSVCRT ref: 00ED052F
                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00ED0543
                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00ED055F
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • Affinity/AffinityAssignment, xrefs: 00ED048B
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ClearH_prolog3_StringVariant$AllocByteCharFreeMultiWide_wtoifree
                                                                                                                                                                                            • String ID: Affinity/AffinityAssignment
                                                                                                                                                                                            • API String ID: 1474463088-139104479
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00ED0A8B
                                                                                                                                                                                              • Part of subcall function 00ECF15E: __EH_prolog3_GS.LIBCMT ref: 00ECF165
                                                                                                                                                                                              • Part of subcall function 00ECF15E: VariantClear.OLEAUT32 ref: 00ECF17A
                                                                                                                                                                                              • Part of subcall function 00ECF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF215
                                                                                                                                                                                              • Part of subcall function 00ECF15E: SysAllocString.OLEAUT32(00000000), ref: 00ECF228
                                                                                                                                                                                              • Part of subcall function 00ECF15E: free.MSVCRT(00000000,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF257
                                                                                                                                                                                            • _wcsicmp.MSVCRT ref: 00ED0AFA
                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00ED0B10
                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00ED0B1A
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ClearH_prolog3_StringVariant$AllocByteCharFreeMultiWide_wcsicmpfree
                                                                                                                                                                                            • String ID: true
                                                                                                                                                                                            • API String ID: 1156377413-4261170317
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • std::tr1::_Xmem.LIBCPMT ref: 00ED569D
                                                                                                                                                                                              • Part of subcall function 00EDCA2B: malloc.MSVCRT ref: 00EDCA42
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Xmemmallocstd::tr1::_
                                                                                                                                                                                            • String ID: `f-$`f-$`f-$`f-
                                                                                                                                                                                            • API String ID: 257571584-3386816253
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00ED0877
                                                                                                                                                                                              • Part of subcall function 00ECF15E: __EH_prolog3_GS.LIBCMT ref: 00ECF165
                                                                                                                                                                                              • Part of subcall function 00ECF15E: VariantClear.OLEAUT32 ref: 00ECF17A
                                                                                                                                                                                              • Part of subcall function 00ECF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF215
                                                                                                                                                                                              • Part of subcall function 00ECF15E: SysAllocString.OLEAUT32(00000000), ref: 00ECF228
                                                                                                                                                                                              • Part of subcall function 00ECF15E: free.MSVCRT(00000000,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF257
                                                                                                                                                                                            • memset.MSVCRT ref: 00ED090E
                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000103,00000000,00000000), ref: 00ED0949
                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00ED097D
                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00ED098A
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ByteCharClearH_prolog3_MultiStringVariantWide$AllocFreefreememset
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3350116639-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: rand
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 415692148-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __aullrem$__aulldiv
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3670715282-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00ED0797
                                                                                                                                                                                              • Part of subcall function 00ECF10B: SysFreeString.OLEAUT32 ref: 00ECF143
                                                                                                                                                                                            • _wtoi.MSVCRT ref: 00ED081D
                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00ED082C
                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00ED083D
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FreeString$H_prolog3__wtoi
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2138719750-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00ED09B1
                                                                                                                                                                                              • Part of subcall function 00ECF15E: __EH_prolog3_GS.LIBCMT ref: 00ECF165
                                                                                                                                                                                              • Part of subcall function 00ECF15E: VariantClear.OLEAUT32 ref: 00ECF17A
                                                                                                                                                                                              • Part of subcall function 00ECF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF215
                                                                                                                                                                                              • Part of subcall function 00ECF15E: SysAllocString.OLEAUT32(00000000), ref: 00ECF228
                                                                                                                                                                                              • Part of subcall function 00ECF15E: free.MSVCRT(00000000,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF257
                                                                                                                                                                                            • _wtoi64.MSVCRT ref: 00ED0A1B
                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00ED0A2D
                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00ED0A37
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ClearH_prolog3_StringVariant$AllocByteCharFreeMultiWide_wtoi64free
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 109575796-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00ED06F0
                                                                                                                                                                                              • Part of subcall function 00ECF15E: __EH_prolog3_GS.LIBCMT ref: 00ECF165
                                                                                                                                                                                              • Part of subcall function 00ECF15E: VariantClear.OLEAUT32 ref: 00ECF17A
                                                                                                                                                                                              • Part of subcall function 00ECF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF215
                                                                                                                                                                                              • Part of subcall function 00ECF15E: SysAllocString.OLEAUT32(00000000), ref: 00ECF228
                                                                                                                                                                                              • Part of subcall function 00ECF15E: free.MSVCRT(00000000,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF257
                                                                                                                                                                                            • _wtoi.MSVCRT ref: 00ED075A
                                                                                                                                                                                            • SysFreeString.OLEAUT32(?), ref: 00ED0769
                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00ED0773
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ClearH_prolog3_StringVariant$AllocByteCharFreeMultiWide_wtoifree
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1474463088-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000000,00000000), ref: 00ECF088
                                                                                                                                                                                            • SysAllocStringLen.OLEAUT32(00000000,-00000001), ref: 00ECF096
                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,00000000,?,?,000000FF,00000000,00000000), ref: 00ECF0AC
                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00ECF0B8
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ByteCharMultiStringWide$AllocFree
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 447844807-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ??3@Xmemstd::tr1::_
                                                                                                                                                                                            • String ID: 8
                                                                                                                                                                                            • API String ID: 2676974237-4194326291
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00ECFC00
                                                                                                                                                                                              • Part of subcall function 00ECF15E: __EH_prolog3_GS.LIBCMT ref: 00ECF165
                                                                                                                                                                                              • Part of subcall function 00ECF15E: VariantClear.OLEAUT32 ref: 00ECF17A
                                                                                                                                                                                              • Part of subcall function 00ECF15E: MultiByteToWideChar.KERNEL32(00000003,00000000,?,000000FF,-00000008,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF215
                                                                                                                                                                                              • Part of subcall function 00ECF15E: SysAllocString.OLEAUT32(00000000), ref: 00ECF228
                                                                                                                                                                                              • Part of subcall function 00ECF15E: free.MSVCRT(00000000,?,00000014,00ED0AA9,?,00000020,00ECF785,?,//Profile/ETW/Process,?), ref: 00ECF257
                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00ECFD1C
                                                                                                                                                                                              • Part of subcall function 00ECFFFD: __EH_prolog3_GS.LIBCMT ref: 00ED0004
                                                                                                                                                                                              • Part of subcall function 00ECCA85: __EH_prolog3_GS.LIBCMT ref: 00ECCA8F
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: H_prolog3_$ClearVariant$AllocByteCharMultiStringWidefree
                                                                                                                                                                                            • String ID: Targets/Target
                                                                                                                                                                                            • API String ID: 2883521150-4232948680
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __aulldiv.LIBCMT ref: 00EDC7F2
                                                                                                                                                                                            • _CxxThrowException.MSVCRT(?,00EE0758), ref: 00EDC845
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • IoBucketizer has not been initialized, xrefs: 00EDC82F
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionThrow__aulldiv
                                                                                                                                                                                            • String ID: IoBucketizer has not been initialized
                                                                                                                                                                                            • API String ID: 1607158013-2369748627
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SetEvent.KERNEL32(00000000), ref: 00ED3212
                                                                                                                                                                                              • Part of subcall function 00ED31AA: TerminateThread.KERNEL32(?,00000000), ref: 00ED31C9
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • Error signaling start event, xrefs: 00ED321C
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000A.00000002.2082346864.0000000000EC1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00EC0000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082336922.0000000000EC0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082364853.0000000000EE1000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            • Associated: 0000000A.00000002.2082376786.0000000000EE2000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_10_2_ec0000_diskspd.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: EventTerminateThread
                                                                                                                                                                                            • String ID: Error signaling start event
                                                                                                                                                                                            • API String ID: 2007589259-38563648
                                                                                                                                                                                            • Opcode ID: 4e38847971004b9a7749654dccfe1fd127e7ccbc6a52e2c9bf54af86c54b9ab4
                                                                                                                                                                                            • Instruction ID: ad3bdd7495e86c4d8ffde49125292b3936e735e4ab01ae481c51fe6366139d6d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4e38847971004b9a7749654dccfe1fd127e7ccbc6a52e2c9bf54af86c54b9ab4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 61E0D830404389EED7002F62DC4AB983765EB10754F50900EF505783F1D7B159DAC652
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                            Execution Coverage:2%
                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                            Signature Coverage:6.6%
                                                                                                                                                                                            Total number of Nodes:1643
                                                                                                                                                                                            Total number of Limit Nodes:23
15640->15623 15640->15636 15640->15637 15641->15644 15642 137c6f 15643 133adc ___free_lconv_mon 14 API calls 15642->15643 15643->15608 15644->15636 15644->15642 15648 134140 __Wcscoll 14 API calls 15644->15648 15646 137b61 15647 133adc ___free_lconv_mon 14 API calls 15646->15647 15647->15644 15649 137c00 15648->15649 15650 137c10 15649->15650 15651 137c08 15649->15651 15652 13394b __Getcoll 39 API calls 15650->15652 15653 133adc ___free_lconv_mon 14 API calls 15651->15653 15654 137c1c 15652->15654 15653->15636 15655 137c23 SetEnvironmentVariableW 15654->15655 15656 137c94 15654->15656 15657 137c4a 15655->15657 15658 137c69 15655->15658 15659 12fa90 __Getcoll 11 API calls 15656->15659 15660 12fb3e __Wcscoll 14 API calls 15657->15660 15662 133adc ___free_lconv_mon 14 API calls 15658->15662 15661 137c9e 15659->15661 15663 137c4f 15660->15663 15662->15642 15664 133adc ___free_lconv_mon 14 API calls 15663->15664 15664->15636 15666 137d6a 15665->15666 15668 137a69 15665->15668 15682 137c9f 15666->15682 15668->15617 15668->15619 15668->15637 15670 137d8d 15669->15670 15672 137b22 15669->15672 15670->15672 15699 1339af 15670->15699 15672->15621 15672->15630 15674 130823 15673->15674 15675 130808 15673->15675 15677 130832 15674->15677 15780 136bde 15674->15780 15675->15674 15676 130814 15675->15676 15678 12fb3e __Wcscoll 14 API calls 15676->15678 15787 1338e2 15677->15787 15681 130819 std::locale::_Setgloballocale 15678->15681 15681->15646 15683 137cb3 15682->15683 15684 137cae 15682->15684 15685 134140 __Wcscoll 14 API calls 15683->15685 15684->15668 15694 137cd4 15685->15694 15686 137d4b 15688 13079b __purecall 39 API calls 15686->15688 15687 137d39 15689 133adc ___free_lconv_mon 14 API calls 15687->15689 15690 137d50 15688->15690 15689->15684 15691 12fa90 __Getcoll 11 API calls 15690->15691 15692 137d5c 15691->15692 15695 137d70 15692->15695 15697 137c9f 39 API calls 15692->15697 15693 134140 __Wcscoll 14 API calls 15693->15694 15694->15686 15694->15687 15694->15690 
15694->15693 15696 133adc ___free_lconv_mon 14 API calls 15694->15696 15698 13394b __Getcoll 39 API calls 15694->15698 15695->15668 15696->15694 15697->15695 15698->15694 15700 1339be 15699->15700 15706 1339ff 15699->15706 15702 1339c4 15700->15702 15703 1339e1 15700->15703 15704 12fb3e __Wcscoll 14 API calls 15702->15704 15705 1339eb 15703->15705 15703->15706 15708 1339c9 15704->15708 15710 12fb3e __Wcscoll 14 API calls 15705->15710 15713 133a1c 15706->15713 15707 1339d4 15707->15670 15709 12fa63 ___std_exception_copy 39 API calls 15708->15709 15709->15707 15711 1339f0 15710->15711 15712 12fa63 ___std_exception_copy 39 API calls 15711->15712 15712->15707 15714 133a33 15713->15714 15729 133a2c std::_Locinfo::_Locinfo_dtor 15713->15729 15715 133a39 15714->15715 15717 133a59 15714->15717 15716 12fb3e __Wcscoll 14 API calls 15715->15716 15718 133a3e 15716->15718 15719 133a63 15717->15719 15720 133a75 15717->15720 15721 12fa63 ___std_exception_copy 39 API calls 15718->15721 15722 12fb3e __Wcscoll 14 API calls 15719->15722 15731 1305f3 15720->15731 15721->15729 15725 133a68 15722->15725 15726 12fa63 ___std_exception_copy 39 API calls 15725->15726 15726->15729 15729->15707 15730 12fb3e __Wcscoll 14 API calls 15730->15729 15732 130611 15731->15732 15733 13060a 15731->15733 15732->15733 15734 133e54 __Getctype 39 API calls 15732->15734 15733->15729 15739 13abe6 15733->15739 15735 130632 15734->15735 15736 134765 __Getctype 39 API calls 15735->15736 15737 130648 15736->15737 15743 1347c3 15737->15743 15740 13abf3 ___crtLCMapStringW 15739->15740 15742 133aaf 15740->15742 15768 134b8b 15740->15768 15742->15729 15742->15730 15744 1347d6 15743->15744 15745 1347eb 15743->15745 15744->15745 15747 1376f6 15744->15747 15745->15733 15748 133e54 __Getctype 39 API calls 15747->15748 15749 1376fb 15748->15749 15752 13760e 15749->15752 15753 13761a ___scrt_is_nonwritable_in_current_image 15752->15753 15760 137634 15753->15760 15763 130085 EnterCriticalSection 15753->15763 15755 137644 
15761 133adc ___free_lconv_mon 14 API calls 15755->15761 15762 137670 15755->15762 15756 13763b 15756->15745 15757 13079b __purecall 39 API calls 15759 1376ad 15757->15759 15760->15756 15760->15757 15761->15762 15764 13768d 15762->15764 15763->15755 15767 1300cd LeaveCriticalSection 15764->15767 15766 137694 15766->15760 15767->15766 15769 1348f7 std::_Locinfo::_Locinfo_dtor 5 API calls 15768->15769 15770 134b96 15769->15770 15773 134b9c 15770->15773 15774 134ed5 15770->15774 15772 134bdc CompareStringW 15772->15773 15773->15742 15777 1349e1 15774->15777 15776 134ee0 std::_Locinfo::_Locinfo_dtor 15776->15772 15778 134ac6 std::_Locinfo::_Locinfo_dtor 5 API calls 15777->15778 15779 1349f7 15778->15779 15779->15776 15781 136be9 15780->15781 15782 136bfe HeapSize 15780->15782 15783 12fb3e __Wcscoll 14 API calls 15781->15783 15782->15677 15784 136bee 15783->15784 15785 12fa63 ___std_exception_copy 39 API calls 15784->15785 15786 136bf9 15785->15786 15786->15677 15788 1338fa 15787->15788 15789 1338ef 15787->15789 15791 133902 15788->15791 15797 13390b __Wcscoll 15788->15797 15790 134f92 std::_Locinfo::_Locinfo_dtor 15 API calls 15789->15790 15795 1338f7 15790->15795 15792 133adc ___free_lconv_mon 14 API calls 15791->15792 15792->15795 15793 133910 15796 12fb3e __Wcscoll 14 API calls 15793->15796 15794 133935 HeapReAlloc 15794->15795 15794->15797 15795->15681 15796->15795 15797->15793 15797->15794 15798 130892 std::_Facet_Register 2 API calls 15797->15798 15798->15797 17328 133d1b 17329 133d26 17328->17329 17330 133d36 17328->17330 17334 133d3c 17329->17334 17333 133adc ___free_lconv_mon 14 API calls 17333->17330 17335 133d51 17334->17335 17336 133d57 17334->17336 17337 133adc ___free_lconv_mon 14 API calls 17335->17337 17338 133adc ___free_lconv_mon 14 API calls 17336->17338 17337->17336 17339 133d63 17338->17339 17340 133adc ___free_lconv_mon 14 API calls 17339->17340 17341 133d6e 17340->17341 17342 133adc ___free_lconv_mon 14 API calls 17341->17342 17343 133d79 
17342->17343 17344 133adc ___free_lconv_mon 14 API calls 17343->17344 17345 133d84 17344->17345 17346 133adc ___free_lconv_mon 14 API calls 17345->17346 17347 133d8f 17346->17347 17348 133adc ___free_lconv_mon 14 API calls 17347->17348 17349 133d9a 17348->17349 17350 133adc ___free_lconv_mon 14 API calls 17349->17350 17351 133da5 17350->17351 17352 133adc ___free_lconv_mon 14 API calls 17351->17352 17353 133db0 17352->17353 17354 133adc ___free_lconv_mon 14 API calls 17353->17354 17355 133dbe 17354->17355 17360 133b68 17355->17360 17361 133b74 ___scrt_is_nonwritable_in_current_image 17360->17361 17376 130085 EnterCriticalSection 17361->17376 17363 133ba8 17377 133bc7 17363->17377 17366 133b7e 17366->17363 17367 133adc ___free_lconv_mon 14 API calls 17366->17367 17367->17363 17368 133bd3 17369 133bdf ___scrt_is_nonwritable_in_current_image 17368->17369 17381 130085 EnterCriticalSection 17369->17381 17371 133be9 17372 133e09 __Wcscoll 14 API calls 17371->17372 17373 133bfc 17372->17373 17382 133c1c 17373->17382 17376->17366 17380 1300cd LeaveCriticalSection 17377->17380 17379 133bb5 17379->17368 17380->17379 17381->17371 17385 1300cd LeaveCriticalSection 17382->17385 17384 133c0a 17384->17333 17385->17384 15799 12101b 15802 12b0be 15799->15802 15805 12b091 15802->15805 15806 12b0a0 15805->15806 15807 12b0a7 15805->15807 15811 131648 15806->15811 15814 1316c5 15807->15814 15810 121020 15812 1316c5 42 API calls 15811->15812 15813 13165a 15812->15813 15813->15810 15817 131411 15814->15817 15818 13141d ___scrt_is_nonwritable_in_current_image 15817->15818 15825 130085 EnterCriticalSection 15818->15825 15820 13142b 15826 13146c 15820->15826 15822 131438 15836 131460 15822->15836 15825->15820 15827 1314fa std::_Locinfo::_Locinfo_dtor 15826->15827 15828 131487 15826->15828 15827->15822 15828->15827 15829 1307fb 42 API calls 15828->15829 15835 1314da 15828->15835 15831 1314d0 15829->15831 15830 1307fb 42 API calls 15832 1314f0 15830->15832 15833 133adc ___free_lconv_mon 14 
API calls 15831->15833 15834 133adc ___free_lconv_mon 14 API calls 15832->15834 15833->15835 15834->15827 15835->15827 15835->15830 15839 1300cd LeaveCriticalSection 15836->15839 15838 131449 15838->15810 15839->15838 16361 12f62e 16364 12f63a ___scrt_is_nonwritable_in_current_image ___crtLCMapStringW 16361->16364 16362 12f641 16363 12fb3e __Wcscoll 14 API calls 16362->16363 16365 12f646 16363->16365 16364->16362 16367 12f667 16364->16367 16366 12fa63 ___std_exception_copy 39 API calls 16365->16366 16373 12f651 16366->16373 16374 130085 EnterCriticalSection 16367->16374 16369 12f672 16375 12f6ad 16369->16375 16374->16369 16377 12f6bb 16375->16377 16376 12f67d 16379 12f6a4 16376->16379 16377->16376 16378 1339af 40 API calls 16377->16378 16378->16377 16382 1300cd LeaveCriticalSection 16379->16382 16381 12f6ab 16381->16373 16382->16381 17580 131d42 17583 131a0e 17580->17583 17584 131a1a ___scrt_is_nonwritable_in_current_image 17583->17584 17591 130085 EnterCriticalSection 17584->17591 17586 131a52 17592 131a70 17586->17592 17587 131a24 17587->17586 17589 1394f4 __Getctype 14 API calls 17587->17589 17589->17587 17591->17587 17595 1300cd LeaveCriticalSection 17592->17595 17594 131a5e 17595->17594 16876 136cb8 16877 136c4a 16876->16877 16882 136cc1 std::_Locinfo::_Locinfo_dtor 16876->16882 16878 136c52 16877->16878 16879 134b4b std::locale::_Setgloballocale 5 API calls 16877->16879 16879->16878 16883 136d33 16882->16883 16886 136d1f 16882->16886 16902 136e2d 16882->16902 16910 136ee1 16882->16910 16932 137057 16883->16932 16885 12ae3f __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16888 136e1e 16885->16888 16886->16886 16926 131068 16886->16926 16890 136d72 16892 133adc ___free_lconv_mon 14 API calls 16890->16892 16891 136df9 16893 133adc ___free_lconv_mon 14 API calls 16891->16893 16892->16883 16894 136e06 16893->16894 16895 137057 14 API calls 16894->16895 16897 136d84 16895->16897 16897->16885 16898 136e20 16900 12fa90 __Getcoll 11 API calls 
16898->16900 16899 136d8b 16899->16891 16899->16898 16938 13827b 16899->16938 16901 136e2c 16900->16901 16903 136e3d 16902->16903 16903->16903 16904 134140 __Wcscoll 14 API calls 16903->16904 16905 136e70 16904->16905 16906 13827b std::_Locinfo::_Locinfo_dtor 39 API calls 16905->16906 16907 136e9c 16906->16907 16908 12fa90 __Getcoll 11 API calls 16907->16908 16909 136ee0 16908->16909 16911 136f0c 16910->16911 16912 136f3b 16911->16912 16913 136f5a FindFirstFileExW 16911->16913 16914 136e2d 39 API calls 16912->16914 16913->16912 16919 136f91 16913->16919 16915 136f46 16914->16915 16918 12ae3f __ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16915->16918 16916 136fef FindNextFileW 16916->16919 16920 137004 16916->16920 16917 136e2d 39 API calls 16917->16919 16921 137055 16918->16921 16919->16916 16919->16917 16922 13703b FindClose 16919->16922 16923 137018 FindClose 16920->16923 16947 13b700 16920->16947 16921->16882 16922->16915 16923->16915 16927 1310ab 16926->16927 16928 131079 16926->16928 16927->16890 16927->16899 16928->16927 16929 134140 __Wcscoll 14 API calls 16928->16929 16930 1310a2 16929->16930 16931 133adc ___free_lconv_mon 14 API calls 16930->16931 16931->16927 16933 137061 16932->16933 16934 137071 16933->16934 16936 133adc ___free_lconv_mon 14 API calls 16933->16936 16935 133adc ___free_lconv_mon 14 API calls 16934->16935 16937 137078 16935->16937 16936->16933 16937->16897 16939 1381ad 16938->16939 16940 1381c7 16939->16940 16941 1381db 16939->16941 16945 138205 16939->16945 16940->16941 16942 12fb3e __Wcscoll 14 API calls 16940->16942 16941->16899 16943 1381d1 16942->16943 16944 12fa63 ___std_exception_copy 39 API calls 16943->16944 16944->16941 16945->16941 16946 12fb3e __Wcscoll 14 API calls 16945->16946 16946->16943 16948 13b73a 16947->16948 16949 12fb3e __Wcscoll 14 API calls 16948->16949 16954 13b74e 16948->16954 16950 13b743 16949->16950 16952 12fa63 ___std_exception_copy 39 API calls 16950->16952 16951 12ae3f 
__ehhandler$?ConvertBSTRToString@_com_util@@YGPADPAG@Z 5 API calls 16953 137036 16951->16953 16952->16954 16953->16923 16954->16951 16954->16954 14082 12b1d2 14083 12b1de ___scrt_is_nonwritable_in_current_image 14082->14083 14108 12aef8 14083->14108 14085 12b1e5 14086 12b33e 14085->14086 14092 12b20f ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock std::locale::_Setgloballocale 14085->14092 14143 12b7fd IsProcessorFeaturePresent 14086->14143 14088 12b345 14123 130d7b 14088->14123 14094 12b22e 14092->14094 14095 12b2af 14092->14095 14126 130d55 14092->14126 14116 13139d 14095->14116 14098 12b2b5 14120 1228d0 StartServiceCtrlDispatcherW 14098->14120 14100 12b2cc 14132 12b920 GetModuleHandleW 14100->14132 14103 12b2da 14104 12b2e3 14103->14104 14134 130d30 14103->14134 14137 12b069 14104->14137 14109 12af01 14108->14109 14150 12b3de IsProcessorFeaturePresent 14109->14150 14113 12af12 14114 12af16 14113->14114 14160 12e0df 14113->14160 14114->14085 14117 1313ab 14116->14117 14118 1313a6 14116->14118 14117->14098 14220 1310c2 14118->14220 14121 122900 GetLastError 14120->14121 14122 12290a 14120->14122 14121->14100 14122->14100 14500 130baf 14123->14500 14127 130d6b ___scrt_is_nonwritable_in_current_image std::_Locinfo::_Locinfo_dtor 14126->14127 14127->14095 14573 133e54 GetLastError 14127->14573 14129 13079b __purecall 39 API calls 14130 13311a 14129->14130 14133 12b2d6 14132->14133 14133->14088 14133->14103 14135 130baf std::locale::_Setgloballocale 21 API calls 14134->14135 14136 130d3b 14135->14136 14136->14104 14138 12b075 14137->14138 14142 12b08b 14138->14142 14600 131805 14138->14600 14140 12b083 14141 12e0df ___scrt_uninitialize_crt 7 API calls 14140->14141 14141->14142 14142->14094 14144 12b813 std::locale::_Setgloballocale 14143->14144 14145 12b8be IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14144->14145 14146 12b909 std::locale::_Setgloballocale 14145->14146 14146->14088 14147 130d3f 14148 130baf 
std::locale::_Setgloballocale 21 API calls 14147->14148 14149 12b353 14148->14149 14151 12af0d 14150->14151 14152 12e0c0 14151->14152 14166 12f1ac 14152->14166 14156 12e0d1 14157 12e0dc 14156->14157 14180 12f1e8 14156->14180 14157->14113 14159 12e0c9 14159->14113 14161 12e0f2 14160->14161 14162 12e0e8 14160->14162 14161->14114 14163 12e3c9 ___vcrt_uninitialize_ptd 6 API calls 14162->14163 14164 12e0ed 14163->14164 14165 12f1e8 ___vcrt_uninitialize_locks DeleteCriticalSection 14164->14165 14165->14161 14167 12f1b5 14166->14167 14169 12f1de 14167->14169 14171 12e0c5 14167->14171 14184 12f561 14167->14184 14170 12f1e8 ___vcrt_uninitialize_locks DeleteCriticalSection 14169->14170 14170->14171 14171->14159 14172 12e396 14171->14172 14201 12f472 14172->14201 14177 12e3c6 14177->14156 14179 12e3ab 14179->14156 14181 12f212 14180->14181 14182 12f1f3 14180->14182 14181->14159 14183 12f1fd DeleteCriticalSection 14182->14183 14183->14181 14183->14183 14189 12f387 14184->14189 14187 12f599 InitializeCriticalSectionAndSpinCount 14188 12f584 14187->14188 14188->14167 14190 12f3a4 14189->14190 14193 12f3a8 14189->14193 14190->14187 14190->14188 14191 12f410 GetProcAddress 14191->14190 14193->14190 14193->14191 14194 12f401 14193->14194 14196 12f427 LoadLibraryExW 14193->14196 14194->14191 14195 12f409 FreeLibrary 14194->14195 14195->14191 14197 12f46e 14196->14197 14198 12f43e GetLastError 14196->14198 14197->14193 14198->14197 14199 12f449 ___vcrt_InitializeCriticalSectionEx 14198->14199 14199->14197 14200 12f45f LoadLibraryExW 14199->14200 14200->14193 14202 12f387 ___vcrt_InitializeCriticalSectionEx 5 API calls 14201->14202 14203 12f48c 14202->14203 14204 12f4a5 TlsAlloc 14203->14204 14205 12e3a0 14203->14205 14205->14179 14206 12f523 14205->14206 14207 12f387 ___vcrt_InitializeCriticalSectionEx 5 API calls 14206->14207 14208 12f53d 14207->14208 14209 12f558 TlsSetValue 14208->14209 14210 12e3b9 14208->14210 14209->14210 14210->14177 14211 12e3c9 14210->14211 14212 12e3d3 
14211->14212 14214 12e3d9 14211->14214 14215 12f4ad 14212->14215 14214->14179 14216 12f387 ___vcrt_InitializeCriticalSectionEx 5 API calls 14215->14216 14217 12f4c7 14216->14217 14218 12f4df TlsFree 14217->14218 14219 12f4d3 14217->14219 14218->14219 14219->14214 14221 1310cb 14220->14221 14224 1310e1 14220->14224 14221->14224 14226 1310ee 14221->14226 14223 1310d8 14223->14224 14241 131290 14223->14241 14224->14117 14227 1310f7 14226->14227 14228 1310fa 14226->14228 14227->14223 14249 1379c6 GetEnvironmentStringsW 14228->14249 14230 131100 14231 131112 14230->14231 14232 131106 14230->14232 14262 131143 14231->14262 14256 133adc 14232->14256 14237 133adc ___free_lconv_mon 14 API calls 14238 131136 14237->14238 14239 133adc ___free_lconv_mon 14 API calls 14238->14239 14240 13113c 14239->14240 14240->14223 14242 1312fb 14241->14242 14245 13129f 14241->14245 14242->14224 14243 136906 MultiByteToWideChar std::_Locinfo::_Locinfo_dtor 14243->14245 14244 134140 __Wcscoll 14 API calls 14244->14245 14245->14242 14245->14243 14245->14244 14247 1312ff 14245->14247 14248 133adc ___free_lconv_mon 14 API calls 14245->14248 14246 133adc ___free_lconv_mon 14 API calls 14246->14242 14247->14246 14248->14245 14250 1379d7 14249->14250 14251 1379d5 14249->14251 14284 134f92 14250->14284 14251->14230 14253 1379ec _Yarn 14254 133adc ___free_lconv_mon 14 API calls 14253->14254 14255 137a06 FreeEnvironmentStringsW 14254->14255 14255->14230 14257 133ae7 HeapFree 14256->14257 14261 13110c 14256->14261 14258 133afc GetLastError 14257->14258 14257->14261 14259 133b09 ___free_lconv_mon 14258->14259 14260 12fb3e __Wcscoll 12 API calls 14259->14260 14260->14261 14261->14223 14265 131162 14262->14265 14263 134140 __Wcscoll 14 API calls 14264 1311a2 14263->14264 14266 1311aa 14264->14266 14276 1311b4 14264->14276 14265->14263 14265->14265 14267 133adc ___free_lconv_mon 14 API calls 14266->14267 14269 131119 14267->14269 14268 131229 14270 133adc ___free_lconv_mon 14 API calls 14268->14270 
14269->14237 14270->14269 14271 134140 __Wcscoll 14 API calls 14271->14276 14272 131239 14403 131261 14272->14403 14276->14268 14276->14271 14276->14272 14278 131254 14276->14278 14280 133adc ___free_lconv_mon 14 API calls 14276->14280 14394 13394b 14276->14394 14277 133adc ___free_lconv_mon 14 API calls 14279 131247 14277->14279 14409 12fa90 IsProcessorFeaturePresent 14278->14409 14282 133adc ___free_lconv_mon 14 API calls 14279->14282 14280->14276 14282->14269 14283 131260 14285 134fd0 14284->14285 14289 134fa0 __Wcscoll 14284->14289 14294 12fb3e 14285->14294 14286 134fbb HeapAlloc 14288 134fce 14286->14288 14286->14289 14288->14253 14289->14285 14289->14286 14291 130892 14289->14291 14297 1308be 14291->14297 14308 133fa6 GetLastError 14294->14308 14296 12fb43 14296->14288 14298 1308ca ___scrt_is_nonwritable_in_current_image 14297->14298 14303 130085 EnterCriticalSection 14298->14303 14300 1308d5 std::locale::_Setgloballocale 14304 13090c 14300->14304 14303->14300 14307 1300cd LeaveCriticalSection 14304->14307 14306 13089d 14306->14289 14307->14306 14309 133fc2 14308->14309 14310 133fbc 14308->14310 14314 133fc6 SetLastError 14309->14314 14336 134cf9 14309->14336 14331 134cba 14310->14331 14314->14296 14318 133ffb 14320 134cf9 __Wcscoll 6 API calls 14318->14320 14319 13400c 14321 134cf9 __Wcscoll 6 API calls 14319->14321 14328 134009 14320->14328 14322 134018 14321->14322 14323 134033 14322->14323 14324 13401c 14322->14324 14348 133c82 14323->14348 14325 134cf9 __Wcscoll 6 API calls 14324->14325 14325->14328 14326 133adc ___free_lconv_mon 12 API calls 14326->14314 14328->14326 14330 133adc ___free_lconv_mon 12 API calls 14330->14314 14353 134ac6 14331->14353 14334 134cf1 TlsGetValue 14335 134cdf 14335->14309 14337 134ac6 std::_Locinfo::_Locinfo_dtor 5 API calls 14336->14337 14338 134d15 14337->14338 14339 134d33 TlsSetValue 14338->14339 14340 133fde 14338->14340 14340->14314 14341 134140 14340->14341 14346 13414d __Wcscoll 14341->14346 14342 134178 HeapAlloc 
14344 133ff3 14342->14344 14342->14346 14343 13418d 14345 12fb3e __Wcscoll 13 API calls 14343->14345 14344->14318 14344->14319 14345->14344 14346->14342 14346->14343 14347 130892 std::_Facet_Register 2 API calls 14346->14347 14347->14346 14368 133b16 14348->14368 14354 134af2 14353->14354 14355 134af6 14353->14355 14354->14334 14354->14335 14355->14354 14360 1349fb 14355->14360 14358 134b10 GetProcAddress 14358->14354 14359 134b20 std::_Locinfo::_Locinfo_dtor 14358->14359 14359->14354 14366 134a0c ___vcrt_InitializeCriticalSectionEx 14360->14366 14361 134aa2 14361->14354 14361->14358 14362 134a2a LoadLibraryExW 14363 134a45 GetLastError 14362->14363 14364 134aa9 14362->14364 14363->14366 14364->14361 14365 134abb FreeLibrary 14364->14365 14365->14361 14366->14361 14366->14362 14367 134a78 LoadLibraryExW 14366->14367 14367->14364 14367->14366 14369 133b22 ___scrt_is_nonwritable_in_current_image 14368->14369 14382 130085 EnterCriticalSection 14369->14382 14371 133b2c 14383 133b5c 14371->14383 14374 133c28 14375 133c34 ___scrt_is_nonwritable_in_current_image 14374->14375 14386 130085 EnterCriticalSection 14375->14386 14377 133c3e 14387 133e09 14377->14387 14379 133c56 14391 133c76 14379->14391 14382->14371 14384 1300cd std::_Lockit::~_Lockit LeaveCriticalSection 14383->14384 14385 133b4a 14384->14385 14385->14374 14386->14377 14388 133e18 __Getctype 14387->14388 14389 133e3f __Getctype 14387->14389 14388->14389 14390 139227 __Getctype 14 API calls 14388->14390 14389->14379 14390->14389 14392 1300cd std::_Lockit::~_Lockit LeaveCriticalSection 14391->14392 14393 133c64 14392->14393 14393->14330 14395 133959 14394->14395 14396 133967 14394->14396 14395->14396 14401 133981 14395->14401 14397 12fb3e __Wcscoll 14 API calls 14396->14397 14398 133971 14397->14398 14413 12fa63 14398->14413 14400 13397b 14400->14276 14401->14400 14402 12fb3e __Wcscoll 14 API calls 14401->14402 14402->14398 14404 13126e 14403->14404 14408 13123f 14403->14408 14405 131285 14404->14405 14406 
133adc ___free_lconv_mon 14 API calls 14404->14406 14407 133adc ___free_lconv_mon 14 API calls 14405->14407 14406->14404 14407->14408 14408->14277 14410 12fa9c 14409->14410 14486 12f867 14410->14486 14416 12f9af 14413->14416 14417 12f9c1 ___std_exception_copy 14416->14417 14422 12f9e6 14417->14422 14419 12f9d9 14433 12f79f 14419->14433 14423 12f9f6 14422->14423 14425 12f9fd 14422->14425 14439 12f804 GetLastError 14423->14439 14430 12fa0b 14425->14430 14443 12f7db 14425->14443 14427 12fa32 14428 12fa90 __Getcoll 11 API calls 14427->14428 14427->14430 14429 12fa62 14428->14429 14431 12f9af ___std_exception_copy 39 API calls 14429->14431 14430->14419 14432 12fa6f 14431->14432 14432->14419 14434 12f7ab 14433->14434 14435 12f7c2 14434->14435 14468 12f84a 14434->14468 14437 12f84a ___std_exception_copy 39 API calls 14435->14437 14438 12f7d5 14435->14438 14437->14438 14438->14400 14440 12f81d 14439->14440 14446 134057 14440->14446 14444 12f7e6 GetLastError SetLastError 14443->14444 14445 12f7ff 14443->14445 14444->14427 14445->14427 14447 134070 14446->14447 14448 13406a 14446->14448 14449 134cf9 __Wcscoll 6 API calls 14447->14449 14467 12f835 SetLastError 14447->14467 14450 134cba __Wcscoll 6 API calls 14448->14450 14451 13408a 14449->14451 14450->14447 14452 134140 __Wcscoll 14 API calls 14451->14452 14451->14467 14453 13409a 14452->14453 14454 1340a2 14453->14454 14455 1340b7 14453->14455 14457 134cf9 __Wcscoll 6 API calls 14454->14457 14456 134cf9 __Wcscoll 6 API calls 14455->14456 14458 1340c3 14456->14458 14459 1340ae 14457->14459 14460 1340c7 14458->14460 14461 1340d6 14458->14461 14464 133adc ___free_lconv_mon 14 API calls 14459->14464 14462 134cf9 __Wcscoll 6 API calls 14460->14462 14463 133c82 __Wcscoll 14 API calls 14461->14463 14462->14459 14465 1340e1 14463->14465 14464->14467 14466 133adc ___free_lconv_mon 14 API calls 14465->14466 14466->14467 14467->14425 14469 12f854 14468->14469 14470 12f85d 14468->14470 14471 12f804 ___std_exception_copy 16 API calls 
14469->14471 14470->14435 14472 12f859 14471->14472 14472->14470 14475 13079b 14472->14475 14476 136637 std::locale::_Setgloballocale EnterCriticalSection LeaveCriticalSection 14475->14476 14477 1307a0 14476->14477 14478 13667c std::locale::_Setgloballocale 38 API calls 14477->14478 14482 1307ab 14477->14482 14478->14482 14479 1307b5 IsProcessorFeaturePresent 14480 1307c1 14479->14480 14483 12f867 std::locale::_Setgloballocale 8 API calls 14480->14483 14481 130d3f std::locale::_Setgloballocale 21 API calls 14484 1307de 14481->14484 14482->14479 14485 1307d4 14482->14485 14483->14485 14485->14481 14487 12f883 std::locale::_Setgloballocale 14486->14487 14488 12f8af IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14487->14488 14489 12f980 std::locale::_Setgloballocale 14488->14489 14492 12ae3f 14489->14492 14491 12f99e GetCurrentProcess TerminateProcess 14491->14283 14493 12ae47 14492->14493 14494 12ae48 IsProcessorFeaturePresent 14492->14494 14493->14491 14496 12b62d 14494->14496 14499 12b5f0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 14496->14499 14498 12b710 14498->14491 14499->14498 14501 130bee 14500->14501 14502 130bdc 14500->14502 14512 130a5b 14501->14512 14503 12b920 std::locale::_Setgloballocale GetModuleHandleW 14502->14503 14505 130be1 14503->14505 14505->14501 14527 130c90 GetModuleHandleExW 14505->14527 14506 12b34b 14506->14147 14511 130c40 14513 130a67 ___scrt_is_nonwritable_in_current_image 14512->14513 14533 130085 EnterCriticalSection 14513->14533 14515 130a71 14534 130ac7 14515->14534 14517 130a7e 14538 130a9c 14517->14538 14520 130c46 14563 130c77 14520->14563 14522 130c50 14523 130c64 14522->14523 14524 130c54 GetCurrentProcess TerminateProcess 14522->14524 14525 130c90 std::locale::_Setgloballocale 3 API calls 14523->14525 14524->14523 14526 130c6c ExitProcess 14525->14526 14528 130cf0 14527->14528 14529 130ccf GetProcAddress 14527->14529 14531 130cf6 FreeLibrary 14528->14531 

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • WTSGetActiveConsoleSessionId.KERNEL32(74DF30D0,00000000,74DF1EA0), ref: 00122B4D
                                                                                                                                                                                            • WTSQueryUserToken.WTSAPI32(00000000,?), ref: 00122B73
                                                                                                                                                                                            • GetTokenInformation.KERNELBASE(?,00000013(TokenIntegrityLevel),00000000,00000004,?), ref: 00122BAD
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00122BBD
                                                                                                                                                                                            • wsprintfW.USER32 ref: 00122BD0
                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,00000001), ref: 00122CAE
                                                                                                                                                                                            • wsprintfW.USER32 ref: 00122CFD
                                                                                                                                                                                            • CreateProcessAsUserW.ADVAPI32(?,?,00000000,00000000,00000000,00000000,00000480,?,00000000,?,?), ref: 00122D32
                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00122D49
                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00122D51
                                                                                                                                                                                            • DestroyEnvironmentBlock.USERENV(?), ref: 00122D59
                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00122D65
                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00122D6D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmpDownload File
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmpDownload File
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmpDownload File
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseHandle$TokenUserwsprintf$ActiveBlockConsoleCreateDestroyEnvironmentErrorInformationLastProcessQuerySession
                                                                                                                                                                                            • String ID: $%ws\fast!\fast!.exe$D$Fast Engine: Convert SID error$Fast Engine: Create Env Block Error %d$Fast Engine: Create Process Error %d$Fast Engine: Duplicate Token Error$Fast Engine: Query User Token Error %d$Fast Engine: Set Token Info Error$Fast Engine: Set Token Info Error$Fast Engine: Token Error %d$ProgramFiles$S-1-5-32-544$winsta0\default
                                                                                                                                                                                            • API String ID: 413331851-1399582880
                                                                                                                                                                                            • Opcode ID: 62b4b658616d5b9a8d70d8e91e1a043199b1fd636066c5f7eb32a0f218e7a2a8
                                                                                                                                                                                            • Instruction ID: ded0dbb53aca4933fc7c7f724147f12704b2ea41352c9f1909fee539c2fe0b67
                                                                                                                                                                                            • Opcode Fuzzy Hash: 62b4b658616d5b9a8d70d8e91e1a043199b1fd636066c5f7eb32a0f218e7a2a8
                                                                                                                                                                                            • Instruction Fuzzy Hash: A37194B0B4012CABDF20AB64EC45BEDBB78EF44704F4040E9F608A61A1DB715ED58F69
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 0012A5E0: __EH_prolog3.LIBCMT ref: 0012A5E7
                                                                                                                                                                                              • Part of subcall function 0012A5E0: std::_Lockit::_Lockit.LIBCPMT ref: 0012A5F2
                                                                                                                                                                                              • Part of subcall function 0012A5E0: std::locale::_Setgloballocale.LIBCPMT ref: 0012A60D
                                                                                                                                                                                              • Part of subcall function 0012A5E0: _Yarn.LIBCPMT ref: 0012A623
                                                                                                                                                                                              • Part of subcall function 0012A5E0: std::_Lockit::~_Lockit.LIBCPMT ref: 0012A660
                                                                                                                                                                                              • Part of subcall function 00123200: std::_Lockit::_Lockit.LIBCPMT ref: 00123238
                                                                                                                                                                                              • Part of subcall function 00123200: std::_Lockit::_Lockit.LIBCPMT ref: 0012325B
                                                                                                                                                                                              • Part of subcall function 00123200: std::_Lockit::~_Lockit.LIBCPMT ref: 0012327B
                                                                                                                                                                                              • Part of subcall function 00123200: std::_Lockit::~_Lockit.LIBCPMT ref: 001232B0
                                                                                                                                                                                              • Part of subcall function 00123200: std::_Lockit::_Lockit.LIBCPMT ref: 001232BF
                                                                                                                                                                                              • Part of subcall function 00123200: std::_Lockit::_Lockit.LIBCPMT ref: 001232E4
                                                                                                                                                                                              • Part of subcall function 00123200: std::_Lockit::~_Lockit.LIBCPMT ref: 00123304
                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00122405
                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00122472
                                                                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,00000000,?,?,?,?,?,explorer.exe), ref: 00122606
                                                                                                                                                                                            • K32GetProcessImageFileNameW.KERNEL32(00000000,?,00000104,?,?,?,?,00000000,00000000), ref: 00122622
                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,explorer.exe,?,?,?,?,?,?,?,00000000,00000000), ref: 00122641
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000), ref: 00122666
                                                                                                                                                                                            • Sleep.KERNEL32(00002710), ref: 0012267A
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmpDownload File
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmpDownload File
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmpDownload File
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_$Lockit::~_$CloseHandleProcess$CreateErrorFileH_prolog3ImageLastNameOpenSetgloballocaleSleepSnapshotToolhelp32Yarnstd::locale::_
                                                                                                                                                                                            • String ID: (\\Device\\HarddiskVolume)(\d+)(\\Windows\\explorer\.exe)$explorer.exe
                                                                                                                                                                                            • API String ID: 4108497731-2754912422
                                                                                                                                                                                            • Opcode ID: 8cc21330536928a17df63ae3bff8ba79dfafb34ce4a7372e44bb98ba9838e21b
                                                                                                                                                                                            • Instruction ID: 4546e40e5dd122da0daaa5c24f01fe63c082cbd825775f7fa55d001507c02ba7
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8cc21330536928a17df63ae3bff8ba79dfafb34ce4a7372e44bb98ba9838e21b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1852E571D002289FDF28CF28DC987AEBBB1FF45314F148299E419AB291D7759A94CF90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph [figure: nodes marked Executed / Not Executed]
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00122405
                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00122472
                                                                                                                                                                                            • Process32FirstW.KERNEL32(00000000,0000022C), ref: 001224A2
                                                                                                                                                                                            • Process32NextW.KERNEL32(?,0000022C), ref: 00122559
                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 00122579
                                                                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,00000000,?,?,?,?,?,explorer.exe), ref: 00122606
                                                                                                                                                                                            • K32GetProcessImageFileNameW.KERNEL32(00000000,?,00000104,?,?,?,?,00000000,00000000), ref: 00122622
                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,explorer.exe,?,?,?,?,?,?,?,00000000,00000000), ref: 00122641
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000000), ref: 00122666
                                                                                                                                                                                            • Sleep.KERNEL32(00002710), ref: 0012267A
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Close$HandleProcessProcess32$ChangeCreateErrorFileFindFirstImageLastNameNextNotificationOpenSleepSnapshotToolhelp32
                                                                                                                                                                                            • String ID: explorer.exe
                                                                                                                                                                                            • API String ID: 1892969530-3187896405
                                                                                                                                                                                            • Opcode ID: 464f58563b743f8366d8635b17363efe38c34e75ed0002e136fbd5742dff9051
                                                                                                                                                                                            • Instruction ID: 10171bfd765c330cf64b9a9abf3078b407ff3ae956d355a0709e00ca54afda47
                                                                                                                                                                                            • Opcode Fuzzy Hash: 464f58563b743f8366d8635b17363efe38c34e75ed0002e136fbd5742dff9051
                                                                                                                                                                                            • Instruction Fuzzy Hash: 87B1A072D05239ABDF249F28ED897ADB7B4EF05310F1442E9E818A72A1D7349E91CF50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph [figure: nodes marked Executed / Not Executed]
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • StartServiceCtrlDispatcherW.ADVAPI32(?), ref: 001228F6
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00122900
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CtrlDispatcherErrorLastServiceStart
                                                                                                                                                                                            • String ID: FastSRV
                                                                                                                                                                                            • API String ID: 3783796564-1196406248
                                                                                                                                                                                            • Opcode ID: 1a61782942bce7f6c2a5dff6f9a2c257312b45d8bedcc54284d4e8fc21b18a15
                                                                                                                                                                                            • Instruction ID: 111271306e23d3f3a0e254af253a99068908a2b726b2768873df850dae6be95e
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1a61782942bce7f6c2a5dff6f9a2c257312b45d8bedcc54284d4e8fc21b18a15
                                                                                                                                                                                            • Instruction Fuzzy Hash: EFE0BF74D0421CABDB10DFA5A90976EBBB8EB05309F004599DC1CA2611E77556648BA2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph [figure: nodes marked Executed / Not Executed]
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RegisterServiceCtrlHandlerExW.ADVAPI32(FastSRV,00122AC0,00000000), ref: 00122966
                                                                                                                                                                                            • SetServiceStatus.SECHOST(00000000,0014BDF8), ref: 001229CC
                                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000001,00000000,00000000), ref: 001229D6
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 001229F4
                                                                                                                                                                                            • SetServiceStatus.ADVAPI32(0014BDF8), ref: 00122A14
                                                                                                                                                                                            • SetServiceStatus.ADVAPI32(0014BDF8), ref: 00122A4E
                                                                                                                                                                                            • CreateThread.KERNELBASE(00000000,00000000,Function_00002E40,00000000,00000000,00000000), ref: 00122A5F
                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00122A68
                                                                                                                                                                                            • CloseHandle.KERNEL32 ref: 00122A74
                                                                                                                                                                                            • SetServiceStatus.ADVAPI32(0014BDF8), ref: 00122AAD
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Service$Status$Create$CloseCtrlErrorEventHandleHandlerLastObjectRegisterSingleThreadWait
                                                                                                                                                                                            • String ID: FastSRV$logoff
                                                                                                                                                                                            • API String ID: 4143498620-384721677
                                                                                                                                                                                            • Opcode ID: 9f0679da3584bb01a5dcdc3fbfeca136c594cafcbc62987b055fdb17f3500456
                                                                                                                                                                                            • Instruction ID: 1201457be8c3c07a96c2918d66554cc9285fb51cfacf11e57121918e5976c30a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f0679da3584bb01a5dcdc3fbfeca136c594cafcbc62987b055fdb17f3500456
                                                                                                                                                                                            • Instruction Fuzzy Hash: F731B2B8648225ABE7108F65ECA9B853BA1F712718F008018E614A6AF1C7F6D0D4CF90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph [figure: nodes marked Executed / Not Executed]
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000), ref: 00122E58
                                                                                                                                                                                            • WTSGetActiveConsoleSessionId.KERNEL32 ref: 00122E64
                                                                                                                                                                                            • wsprintfW.USER32 ref: 00122E73
                                                                                                                                                                                            • Sleep.KERNELBASE(000007D0), ref: 00122EA1
                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000), ref: 00122EAF
                                                                                                                                                                                              • Part of subcall function 001223A0: CloseHandle.KERNEL32(?), ref: 00122405
                                                                                                                                                                                              • Part of subcall function 001223A0: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00122472
                                                                                                                                                                                              • Part of subcall function 001223A0: OpenProcess.KERNEL32(00000410,00000000,00000000,?,?,?,?,?,explorer.exe), ref: 00122606
                                                                                                                                                                                              • Part of subcall function 00122B30: WTSGetActiveConsoleSessionId.KERNEL32(74DF30D0,00000000,74DF1EA0), ref: 00122B4D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • Fast Engine: id:%d, xrefs: 00122E69
                                                                                                                                                                                            • Fast Engine: Set Token Info Error, xrefs: 00122E6E
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ActiveConsoleObjectSessionSingleWait$CloseCreateHandleOpenProcessSleepSnapshotToolhelp32wsprintf
                                                                                                                                                                                            • String ID: Fast Engine: Set Token Info Error$Fast Engine: id:%d
                                                                                                                                                                                            • API String ID: 2001961009-1331704477
                                                                                                                                                                                            • Opcode ID: 41f61e968d69bee1bbab4d9e209ef00c5e3c8b83d569c292a0eb0a10420d7019
                                                                                                                                                                                            • Instruction ID: 2e06b6b7dcde1c151cb6b9d5eb77afcf55a9f21a18d6358ac1e6b4a0b45edff2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 41f61e968d69bee1bbab4d9e209ef00c5e3c8b83d569c292a0eb0a10420d7019
                                                                                                                                                                                            • Instruction Fuzzy Hash: 43F04C32A40220BBD6206B2DBD46F193758EF097A0F120235F914E38F0EB717C51C6B6
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 343 1349fb-134a07 344 134a99-134a9c 343->344 345 134aa2 344->345 346 134a0c-134a1d 344->346 349 134aa4-134aa8 345->349 347 134a2a-134a43 LoadLibraryExW 346->347 348 134a1f-134a22 346->348 352 134a45-134a4e GetLastError 347->352 353 134aa9-134ab9 347->353 350 134ac2-134ac4 348->350 351 134a28 348->351 350->349 355 134a96 351->355 356 134a50-134a62 call 1338a8 352->356 357 134a87-134a94 352->357 353->350 354 134abb-134abc FreeLibrary 353->354 354->350 355->344 356->357 360 134a64-134a76 call 1338a8 356->360 357->355 360->357 363 134a78-134a85 LoadLibraryExW 360->363 363->353 363->357
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00134B0A,74DF30D0,-00000002,00000000,0012A425,74DF30D2,?,00134D15,00000022,FlsSetValue,00142838,00142840,0012A425), ref: 00134ABC
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FreeLibrary
                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                            • API String ID: 3664257935-537541572
                                                                                                                                                                                            • Opcode ID: 1524a22a1e037da0f1337b6f1172027d0da6160944deb91d7f05ffc09a16e062
                                                                                                                                                                                            • Instruction ID: 6f3479b7421bfad6d446acdea90ebb3d7065d4a540a082205e16a7b3ca781626
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1524a22a1e037da0f1337b6f1172027d0da6160944deb91d7f05ffc09a16e062
                                                                                                                                                                                            • Instruction Fuzzy Hash: D221E77AA40121EBDB219B65EC41A5A3B68DF42771F250624F912A76A0E730FD41C6E4
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,?,00130C40,00000016,0012F866,?,?,4BF42BE9,0012F866,?), ref: 00130C57
                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00130C40,00000016,0012F866,?,?,4BF42BE9,0012F866,?), ref: 00130C5E
                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00130C70
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                            • Opcode ID: 81dc70adaebdda578bf962996d0b3fad2408e33874f0ab871c9defe02bd0ccc5
                                                                                                                                                                                            • Instruction ID: c0313c921d8814178cc110de3227f9e897b3762920c3851508f6f3ebbe92de0b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 81dc70adaebdda578bf962996d0b3fad2408e33874f0ab871c9defe02bd0ccc5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 75D09231400248FFCF162FA4ED1D88D3FAAAF48351F149264B9498A472CB319992DA90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 374 134ac6-134af0 375 134af2-134af4 374->375 376 134af6-134af8 374->376 377 134b47-134b4a 375->377 378 134afa-134afc 376->378 379 134afe-134b05 call 1349fb 376->379 378->377 381 134b0a-134b0e 379->381 382 134b10-134b1e GetProcAddress 381->382 383 134b2d-134b44 381->383 382->383 384 134b20-134b2b call 130aa8 382->384 385 134b46 383->385 384->385 385->377
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: e241309ae1da38494c337299276d32f5242237eb2939ebd25dee9c36c080d4ed
                                                                                                                                                                                            • Instruction ID: 0c5b89b40d64ad76ca14ca128b312bd28bab266b3ee408c8955709adb0d7ccc5
                                                                                                                                                                                            • Opcode Fuzzy Hash: e241309ae1da38494c337299276d32f5242237eb2939ebd25dee9c36c080d4ed
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6B0124376402259FDB2ACF6CEC80E5773A9EBC5720B224124F904DB5A8DB31F889D791
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,2000000B,0013A6E6,00000002,00000000,?,?,?,0013A6E6,?,00000000), ref: 0013A46D
                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,20001004,0013A6E6,00000002,00000000,?,?,?,0013A6E6,?,00000000), ref: 0013A496
                                                                                                                                                                                            • GetACP.KERNEL32(?,?,0013A6E6,?,00000000), ref: 0013A4AB
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                            • String ID: ACP$OCP
                                                                                                                                                                                            • API String ID: 2299586839-711371036
                                                                                                                                                                                            • Opcode ID: 8b24d54473e4421388edcecdda288ef0308e58850593d3a35084194ff9e3032b
                                                                                                                                                                                            • Instruction ID: 71cbfae4e1fe33a46016940de2b0fedb5b3f03f85ac4dea967ce157c35846bb2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8b24d54473e4421388edcecdda288ef0308e58850593d3a35084194ff9e3032b
                                                                                                                                                                                            • Instruction Fuzzy Hash: A8218362B00105EADB348F14D908A9777AAEF54B60FDE8024E9CAD7111FBB2DD41C352
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00133E54: GetLastError.KERNEL32(00000000,?,00136842), ref: 00133E58
                                                                                                                                                                                              • Part of subcall function 00133E54: SetLastError.KERNEL32(00000000,00000000,0012A425,00000006,000000FF), ref: 00133EFA
                                                                                                                                                                                            • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 0013A6B8
                                                                                                                                                                                            • IsValidCodePage.KERNEL32(00000000), ref: 0013A6F6
                                                                                                                                                                                            • IsValidLocale.KERNEL32(?,00000001), ref: 0013A709
                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 0013A751
                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 0013A76C
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 415426439-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00133E54: GetLastError.KERNEL32(00000000,?,00136842), ref: 00133E58
                                                                                                                                                                                              • Part of subcall function 00133E54: SetLastError.KERNEL32(00000000,00000000,0012A425,00000006,000000FF), ref: 00133EFA
                                                                                                                                                                                            • GetACP.KERNEL32(?,?,?,?,?,?,00132123,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00139CFA
                                                                                                                                                                                            • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,00132123,?,?,?,00000055,?,-00000050,?,?), ref: 00139D31
                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00139E94
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLast$CodeInfoLocalePageValid
                                                                                                                                                                                            • String ID: utf8
                                                                                                                                                                                            • API String ID: 607553120-905460609
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 00136F7C
                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00136FF7
                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00137019
                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 0013703C
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Find$CloseFile$FirstNext
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1164774033-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 0012B809
                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 0012B8D5
                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0012B8F5
                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 0012B8FF
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 254469556-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00133E54: GetLastError.KERNEL32(00000000,?,00136842), ref: 00133E58
                                                                                                                                                                                              • Part of subcall function 00133E54: SetLastError.KERNEL32(00000000,00000000,0012A425,00000006,000000FF), ref: 00133EFA
                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0013A0AC
                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0013A0F6
                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0013A1BC
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: InfoLocale$ErrorLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 661929714-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,?,?,0012A425), ref: 0012F95F
                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,0012A425), ref: 0012F969
                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(74DF2DA8,?,?,?,?,?,0012A425), ref: 0012F976
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3906539128-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0012B3F4
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FeaturePresentProcessor
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2325560087-0
                                                                                                                                                                                            • Opcode ID: 3ee3759a809f123522ea83e03d87b3866d605ed7d62d186a1a2fe76861505d79
                                                                                                                                                                                            • Instruction ID: a77cfd7d0260b1eb4cbe2ea51ded2fba6846a04fd31f5258a559997b7d7a7fff
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3ee3759a809f123522ea83e03d87b3866d605ed7d62d186a1a2fe76861505d79
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D51A0759086258FEB28CF54E8C17AEBBF0FB44310F24846AE415EB661D375EA90CF90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00133E54: GetLastError.KERNEL32(00000000,?,00136842), ref: 00133E58
                                                                                                                                                                                              • Part of subcall function 00133E54: SetLastError.KERNEL32(00000000,00000000,0012A425,00000006,000000FF), ref: 00133EFA
                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 0013A2FF
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3736152602-0
                                                                                                                                                                                            • Opcode ID: 22aa9a6801a51147b2b86926198b14b1401cd570b181a4a049f466e2ea77a6bb
                                                                                                                                                                                            • Instruction ID: d26101f8a9cf918496687151608ab31dd2cd0ac3b94bf93aa901b786e3652076
                                                                                                                                                                                            • Opcode Fuzzy Hash: 22aa9a6801a51147b2b86926198b14b1401cd570b181a4a049f466e2ea77a6bb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2521CF32A00206ABEF289B25DC82ABA73ACFF54310F50407AFD05D7141FB34ED448B51
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00133E54: GetLastError.KERNEL32(00000000,?,00136842), ref: 00133E58
                                                                                                                                                                                              • Part of subcall function 00133E54: SetLastError.KERNEL32(00000000,00000000,0012A425,00000006,000000FF), ref: 00133EFA
                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(0013A058,00000001,00000000,?,-00000050,?,0013A68C,00000000,?,?,?,00000055,?), ref: 00139FA4
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                                            • Opcode ID: 898601c031fd19e0d025fd20996902347d7a23267903e0f9108733c1ed699de9
                                                                                                                                                                                            • Instruction ID: 29fd1bd95b9c0d6506e20454ee138e09d697331f43d939c78cd9196b8d0d6f87
                                                                                                                                                                                            • Opcode Fuzzy Hash: 898601c031fd19e0d025fd20996902347d7a23267903e0f9108733c1ed699de9
                                                                                                                                                                                            • Instruction Fuzzy Hash: E511E53B2047059FDB189F39D8955BABB96FF84369F58442CE98A87A40D371B942CB40
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00133E54: GetLastError.KERNEL32(00000000,?,00136842), ref: 00133E58
                                                                                                                                                                                              • Part of subcall function 00133E54: SetLastError.KERNEL32(00000000,00000000,0012A425,00000006,000000FF), ref: 00133EFA
                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,0013A274,00000000,00000000,?), ref: 0013A506
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3736152602-0
                                                                                                                                                                                            • Opcode ID: 9d030853d2db27f14c6299bd7e561ad876f81901e1ca5c8fdfdf283148ee998e
                                                                                                                                                                                            • Instruction ID: c2e30506370271ff5ec19e5d33e9a1a3eccfc86296519076b3479fb6b291a87b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9d030853d2db27f14c6299bd7e561ad876f81901e1ca5c8fdfdf283148ee998e
                                                                                                                                                                                            • Instruction Fuzzy Hash: B801A932700112ABDF2C9A65CC46ABB7769EF40754F554439EC96B3180EB74FE41C691
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00133E54: GetLastError.KERNEL32(00000000,?,00136842), ref: 00133E58
                                                                                                                                                                                              • Part of subcall function 00133E54: SetLastError.KERNEL32(00000000,00000000,0012A425,00000006,000000FF), ref: 00133EFA
                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00139E94
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLast$InfoLocale
                                                                                                                                                                                            • String ID: utf8
                                                                                                                                                                                            • API String ID: 3736152602-905460609
                                                                                                                                                                                            • Opcode ID: 837be19c180f88c71b7adb8e8806545a836339c6073df24d3fc9c610843ee88b
                                                                                                                                                                                            • Instruction ID: c08adbdf088c690ac3eabe96a783a5bf4fa7285e57088bfa304be9f0a42a9cc6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 837be19c180f88c71b7adb8e8806545a836339c6073df24d3fc9c610843ee88b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 07F0C832610205EBD714EB34DC45EFA73ACDF55710F11017AB506D7281EB74AD498754
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00133E54: GetLastError.KERNEL32(00000000,?,00136842), ref: 00133E58
                                                                                                                                                                                              • Part of subcall function 00133E54: SetLastError.KERNEL32(00000000,00000000,0012A425,00000006,000000FF), ref: 00133EFA
                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(0013A2AB,00000001,?,?,-00000050,?,0013A654,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 0013A017
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                                            • Opcode ID: d7297ad0e5b5715a6cc45b6e510fc05e4ffe5dab245f675572627a4108f02b4f
                                                                                                                                                                                            • Instruction ID: b15c7b57ed54a05e868230f175565e089a9ffb0b9ec5918bf8b699bbea534104
                                                                                                                                                                                            • Opcode Fuzzy Hash: d7297ad0e5b5715a6cc45b6e510fc05e4ffe5dab245f675572627a4108f02b4f
                                                                                                                                                                                            • Instruction Fuzzy Hash: A1F0F6362003049FDB289F79DC85A7A7B95FF81768F05442CF9868B690D7B29C42C650
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00130085: EnterCriticalSection.KERNEL32(-00020FE3,?,001308D5,00000000,00148240,0000000C,0013089D,?,?,00134173,?,?,00133FF3,00000001,00000364,0012A425), ref: 00130094
                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(00134821,00000001,00148468,0000000C,00134C37,00000000), ref: 00134866
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CriticalEnterEnumLocalesSectionSystem
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1272433827-0
                                                                                                                                                                                            • Opcode ID: b17f94a9f6b240c8d5ba1d706dbc3e4f5550bce4747f820f98e4d87273481971
                                                                                                                                                                                            • Instruction ID: e43b7b48a44bfc570bd866cc768940a0bdf5d927de6bbf02c70c6081f03f6c35
                                                                                                                                                                                            • Opcode Fuzzy Hash: b17f94a9f6b240c8d5ba1d706dbc3e4f5550bce4747f820f98e4d87273481971
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2EF044B6A44205EFDB10EF98E846B9C7BF0FB59722F10416AF4049B3E1CB7599848B90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00133E54: GetLastError.KERNEL32(00000000,?,00136842), ref: 00133E58
                                                                                                                                                                                              • Part of subcall function 00133E54: SetLastError.KERNEL32(00000000,00000000,0012A425,00000006,000000FF), ref: 00133EFA
                                                                                                                                                                                            • EnumSystemLocalesW.KERNEL32(00139E40,00000001,?,?,?,0013A6AE,-00000050,?,?,?,00000055,?,-00000050,?,?,00000004), ref: 00139F1E
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLast$EnumLocalesSystem
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2417226690-0
                                                                                                                                                                                            • Opcode ID: 1ea6171fd7f34377c3c4bce13e2e1f01e6cca062bf245e5d5149818ac85fefd5
                                                                                                                                                                                            • Instruction ID: edc6509d49036ecc587e5dc6b807c18511356b67bdc9f728e0456906bd53109d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1ea6171fd7f34377c3c4bce13e2e1f01e6cca062bf245e5d5149818ac85fefd5
                                                                                                                                                                                            • Instruction Fuzzy Hash: ACF0E53A30020597CB14DF75D84966ABF94EFC1715F0A4469EA098B690C7B19986C790
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,00132C99,?,20001004,00000000,00000002,?,?,0013228B), ref: 00134D6F
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2299586839-0
                                                                                                                                                                                            • Opcode ID: abb3d2055737bb7fa85d18c13e11bdd14760b7928b86b0b69fdf700437c71fa7
                                                                                                                                                                                            • Instruction ID: 84087a5dbad44e7ef0e5d5d552c99f2a825610b4c2a54c606b07506f4546d136
                                                                                                                                                                                            • Opcode Fuzzy Hash: abb3d2055737bb7fa85d18c13e11bdd14760b7928b86b0b69fdf700437c71fa7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9DE04F31500218BBCF126FA0EC08E9E3E25EF54760F004024FD0566620DB359921AB95
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: HeapProcess
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 54951025-0
                                                                                                                                                                                            • Opcode ID: fe37f61d8cd42ccbd52177466aa6454cdc30bc132e8a5059d40c91f862fcf644
                                                                                                                                                                                            • Instruction ID: a33f1cea1a84f953d13e2c023ca78c0c5697f5a862c05627235ab1dc89360d78
                                                                                                                                                                                            • Opcode Fuzzy Hash: fe37f61d8cd42ccbd52177466aa6454cdc30bc132e8a5059d40c91f862fcf644
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8AA01234504104CB83004F346A9820937D9A70118070400286408C0530D72480C15601
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00123238
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 0012325B
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0012327B
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 001232B0
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 001232BF
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 001232E4
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00123304
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00123383
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 001233DF
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 001233F7
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00123414
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00123419
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                                            • Opcode ID: 9cf300c209387df517fbd96dad2527e3ee5b3a052baec25ef8e51752bebfccc9
                                                                                                                                                                                            • Instruction ID: 7feb9ea53a6956da784ddb01f5e46f81f1726ded841640c421f133f99fbb9e49
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9cf300c209387df517fbd96dad2527e3ee5b3a052baec25ef8e51752bebfccc9
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B810036900225CFCB25DF58E8816AEBBB0FF55320F154159E825A7361DB34AF61CBE1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • type_info::operator==.LIBVCRUNTIME ref: 0012E75A
                                                                                                                                                                                            • ___TypeMatch.LIBVCRUNTIME ref: 0012E868
                                                                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 0012E9BA
                                                                                                                                                                                            • CallUnexpected.LIBVCRUNTIME ref: 0012E9D5
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                            • API String ID: 2751267872-393685449
                                                                                                                                                                                            • Opcode ID: 29a5f3bf2275338ea47806ffd0cfd4231448c1fec81cc3149ffc6ae4dce2857c
                                                                                                                                                                                            • Instruction ID: 37c9eb5812061cae68426e3b1807fba297381d1cf66a4444f67e08ab023618d5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 29a5f3bf2275338ea47806ffd0cfd4231448c1fec81cc3149ffc6ae4dce2857c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 37B15971800229EFCF29DFA4E9819AEB7F5FF14314B15416AE8056B212D731DA71CF91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 001215C9
                                                                                                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0012161E
                                                                                                                                                                                            • __Getctype.LIBCPMT ref: 00121637
                                                                                                                                                                                            • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00121681
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 0012171F
                                                                                                                                                                                            • __Getwctype.LIBCPMT ref: 0012175A
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Locinfo::_Lockit$GetctypeGetwctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                            • String ID: bad locale name
                                                                                                                                                                                            • API String ID: 2702795554-1405518554
                                                                                                                                                                                            • Opcode ID: 44f88209066aecc2804ed57888e666168ceceb10f08fefee1e0da33827e84706
                                                                                                                                                                                            • Instruction ID: 99ead00d2c6aa2ac659eddbfb4acbe7b574ef23da29ffcbabe919c989857a07e
                                                                                                                                                                                            • Opcode Fuzzy Hash: 44f88209066aecc2804ed57888e666168ceceb10f08fefee1e0da33827e84706
                                                                                                                                                                                            • Instruction Fuzzy Hash: 355194B1C003689BEB10DFA4D94179EB7F8FF24314F144169E849A7241EB35EA98CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00123740
                                                                                                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00123793
                                                                                                                                                                                            • __Getcoll.LIBCPMT ref: 001237A5
                                                                                                                                                                                            • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 001237C4
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00123859
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Locinfo::_Lockit$GetcollLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                            • String ID: bad locale name
                                                                                                                                                                                            • API String ID: 1629477862-1405518554
                                                                                                                                                                                            • Opcode ID: 4c66180105843201a963294c26cf45cc993662c44b21c95737dc7dd30fee92f9
                                                                                                                                                                                            • Instruction ID: 93e97470128fbaa1cd339407564cac4d28f28387a30478ee76ac0bb6dfbee7c4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c66180105843201a963294c26cf45cc993662c44b21c95737dc7dd30fee92f9
                                                                                                                                                                                            • Instruction Fuzzy Hash: 63518FB1D003689FEF14EFA4E84579EBBB4EF14310F144129E815EB381E7789A59CB52
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 0012E177
                                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 0012E17F
                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 0012E208
                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 0012E233
                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 0012E288
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                                                            • Opcode ID: 033c285d54d1d128dcc443a20c76a8b37413e85d46a27d1f2b442f0534790b19
                                                                                                                                                                                            • Instruction ID: b21ee0a622111452307745a095f282e414280058f158a0bdc4559ff760e57349
                                                                                                                                                                                            • Opcode Fuzzy Hash: 033c285d54d1d128dcc443a20c76a8b37413e85d46a27d1f2b442f0534790b19
                                                                                                                                                                                            • Instruction Fuzzy Hash: D841B334A00228DBCF14DF68E845A9E7BF5BF45314F148465E8155B392C7319A25CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,0012E2FB,0012C1B2,0012B9B2), ref: 0012E312
                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0012E320
                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0012E339
                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,0012E2FB,0012C1B2,0012B9B2), ref: 0012E38B
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                            • Opcode ID: be2b515131e3164a1aeaf79cd7c6853b46550beced550058b7b324dcd761fa26
                                                                                                                                                                                            • Instruction ID: cfc55324307b84ecafbb060601320573c85d7e6888dc980a161b89e6858d8ca2
                                                                                                                                                                                            • Opcode Fuzzy Hash: be2b515131e3164a1aeaf79cd7c6853b46550beced550058b7b324dcd761fa26
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6601D43A11A3316EEB286BB47C8655B26E4FF127B6B21033EF420970F1EF614D625651
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,4BF42BE9,74DF30D0,?,00000000,0013EB4E,000000FF,?,00130C6C,?,?,00130C40,00000016), ref: 00130CC5
                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00130CD7
                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000000,0013EB4E,000000FF,?,00130C6C,?,?,00130C40,00000016), ref: 00130CF9
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                            • Opcode ID: ef56c149fb224cb439e7e8161cf6a02da362290dc9cf18630989d1cf3ae13c75
                                                                                                                                                                                            • Instruction ID: 2ee2e73e2491230312abca3e404983c8303d323871aeeaf85c4a259c2c7b286c
                                                                                                                                                                                            • Opcode Fuzzy Hash: ef56c149fb224cb439e7e8161cf6a02da362290dc9cf18630989d1cf3ae13c75
                                                                                                                                                                                            • Instruction Fuzzy Hash: C2018675990655FFDB128F50DD05FAEBBF8FB08B20F000629F811A26E0DB749944CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 001345B2
                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 0013467B
                                                                                                                                                                                            • __freea.LIBCMT ref: 001346E2
                                                                                                                                                                                              • Part of subcall function 00134F92: HeapAlloc.KERNEL32(00000000,0012A425,74DF30D0,?,0012BF8B,74DF30D2,74DF30D0,00000000,?,?,0012A1F3,0012A425,74DF30D4,74DF30D0,74DF30D0,74DF30D0), ref: 00134FC4
                                                                                                                                                                                            • __freea.LIBCMT ref: 001346F5
                                                                                                                                                                                            • __freea.LIBCMT ref: 00134702
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1096550386-0
                                                                                                                                                                                            • Opcode ID: 526b512eca1a81cd0df86f1d74d06c32f06f42d3e98d1728411a71bde5e62108
                                                                                                                                                                                            • Instruction ID: c6d5661a455c7874af89ac9d53c734c0ff9f8d115538a4ec011a0a987a2da4a7
                                                                                                                                                                                            • Opcode Fuzzy Hash: 526b512eca1a81cd0df86f1d74d06c32f06f42d3e98d1728411a71bde5e62108
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1051C2B2600216AFEF259F64CC82EBB3BADEF65710F1A0529FD04D6111EB71EC548660
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$H_prolog3Lockit::_Lockit::~_SetgloballocaleYarnstd::locale::_
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 156189095-0
                                                                                                                                                                                            • Opcode ID: 8118b0801122989dbd03190a5e5a9eaa60b181dc732d1b459bfa58dd4efbfff5
                                                                                                                                                                                            • Instruction ID: 323e27862d98af86fb993a252bc72f2691ecd1c4fee32de72bd9705e1cb3ca4f
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8118b0801122989dbd03190a5e5a9eaa60b181dc732d1b459bfa58dd4efbfff5
                                                                                                                                                                                            • Instruction Fuzzy Hash: E8017C79A002219FDB0AEF20F89197D77B1FF95750F990018E81167391CB756E62CBC6
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0012F3D8,00000000,?,0014B388,?,?,?,0012F57B,00000004,InitializeCriticalSectionEx,001410A8,InitializeCriticalSectionEx), ref: 0012F434
                                                                                                                                                                                            • GetLastError.KERNEL32(?,0012F3D8,00000000,?,0014B388,?,?,?,0012F57B,00000004,InitializeCriticalSectionEx,001410A8,InitializeCriticalSectionEx,00000000,?,0012F1C2), ref: 0012F43E
                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0012F466
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: LibraryLoad$ErrorLast
                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                            • API String ID: 3177248105-2084034818
                                                                                                                                                                                            • Opcode ID: 92abfe90e06936797ae6c757ce6580e999f4fbec2a68074f6ef8d66b932aca41
                                                                                                                                                                                            • Instruction ID: ffeba8b379ad99c198640be01a2fd3dc4c594a303f1883356c0a7e3910f9382e
                                                                                                                                                                                            • Opcode Fuzzy Hash: 92abfe90e06936797ae6c757ce6580e999f4fbec2a68074f6ef8d66b932aca41
                                                                                                                                                                                            • Instruction Fuzzy Hash: 58E0B831680248FBEF102B61FD07B593F659B11B55F108434F94CE44E1D7A1D9A39554
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetConsoleOutputCP.KERNEL32(4BF42BE9,00000000,00000000,?), ref: 0013BDC1
                                                                                                                                                                                              • Part of subcall function 001369C0: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,001346D8,?,00000000,-00000008), ref: 00136A21
                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0013C013
                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0013C059
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 0013C0FC
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2112829910-0
                                                                                                                                                                                            • Opcode ID: b116835b74ba0cd5d64e175dd3b165b15370e893492d7c48f9e7067136f92a76
                                                                                                                                                                                            • Instruction ID: 8257abf45760bdd1f75a24e614384b0942a7d0d744d21ef3a868a665ab9ed369
                                                                                                                                                                                            • Opcode Fuzzy Hash: b116835b74ba0cd5d64e175dd3b165b15370e893492d7c48f9e7067136f92a76
                                                                                                                                                                                            • Instruction Fuzzy Hash: 77D168B5E04258DFCF15CFA8C8C09ADBBB9FF09314F24456AE556EB252E730A941CB50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AdjustPointer
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1740715915-0
                                                                                                                                                                                            • Opcode ID: a42c78d2d34f7632c660475a4900d4b243a2777da779a4795793e15adf0c4b13
                                                                                                                                                                                            • Instruction ID: cef4af95f3b210f2f26578025b0076b8c569fe0cced0795295b2f508ebd63fc8
                                                                                                                                                                                            • Opcode Fuzzy Hash: a42c78d2d34f7632c660475a4900d4b243a2777da779a4795793e15adf0c4b13
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E51E176600262AFDB28AF14F841BBAB7E4EF14714F14452DE9018B292E731ECA1DB90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 001292EC
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 001292E7
                                                                                                                                                                                              • Part of subcall function 00121160: ___std_exception_copy.LIBVCRUNTIME ref: 0012119E
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 001292F1
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 001292F6
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task$___std_exception_copy
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 270002120-0
                                                                                                                                                                                            • Opcode ID: 9b724dea8bde435dc302332c211dd1375130359fc8ea528673e73f917e8a485b
                                                                                                                                                                                            • Instruction ID: 6b12d355820d404cd709c542d2d4b856695d7b9a4f65fcc5b580799526fcb7fe
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9b724dea8bde435dc302332c211dd1375130359fc8ea528673e73f917e8a485b
                                                                                                                                                                                            • Instruction Fuzzy Hash: E6518071600225EFCB14DF19E480A69B7E5FFA8311F25816AEC99CB351D731ED61CB90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,0013D105,00000000,00000001,00000000,?,?,0013C150,?,00000000,00000000), ref: 0013DF40
                                                                                                                                                                                            • GetLastError.KERNEL32(?,0013D105,00000000,00000001,00000000,?,?,0013C150,?,00000000,00000000,?,?,?,0013C6F3,00000000), ref: 0013DF4C
                                                                                                                                                                                              • Part of subcall function 0013DF12: CloseHandle.KERNEL32(FFFFFFFE,0013DF5C,?,0013D105,00000000,00000001,00000000,?,?,0013C150,?,00000000,00000000,?,?), ref: 0013DF22
                                                                                                                                                                                            • ___initconout.LIBCMT ref: 0013DF5C
                                                                                                                                                                                              • Part of subcall function 0013DED4: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0013DF03,0013D0F2,?,?,0013C150,?,00000000,00000000,?), ref: 0013DEE7
                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,0013D105,00000000,00000001,00000000,?,?,0013C150,?,00000000,00000000,?), ref: 0013DF71
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2744216297-0
                                                                                                                                                                                            • Opcode ID: 959d37295b587e48994e95e2c333dae125bcf58d6cc8aa6a594e55fc4c7220a3
                                                                                                                                                                                            • Instruction ID: 6d8abbea11d422b11e9e8f1177916fcd32269969d10f1fc5cba0d296f00c294c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 959d37295b587e48994e95e2c333dae125bcf58d6cc8aa6a594e55fc4c7220a3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 25F01C76440159BBCF221FA5FC04A8A7F2AEF197A1F158025FA09C6531C732C861DBA1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • EncodePointer.KERNEL32(00000000,?), ref: 0012EA05
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: EncodePointer
                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                            • API String ID: 2118026453-2084237596
                                                                                                                                                                                            • Opcode ID: 2c42c58efb70d28651cd63f28f90fcf4f727a4b84e0c0287a2fb288b5da1d119
                                                                                                                                                                                            • Instruction ID: 4e20c17c3f9973d5de99c15f40cdc681f3008a3aa8bb135701b46a4972f66161
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c42c58efb70d28651cd63f28f90fcf4f727a4b84e0c0287a2fb288b5da1d119
                                                                                                                                                                                            • Instruction Fuzzy Hash: 15414871900229EFCF15DF98ED81AAEBBF5FF48300F194059F905A7251E335A961DB90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 001228A0: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000), ref: 001228A5
                                                                                                                                                                                              • Part of subcall function 001228A0: GetLastError.KERNEL32(?,00000000,00000000), ref: 001228AF
                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,0012105A), ref: 0012ADC4
                                                                                                                                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0012105A), ref: 0012ADD3
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0012ADCE
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 0000000C.00000002.2298402705.0000000000121000.00000020.00000001.01000000.00000016.sdmp, Offset: 00120000, based on PE: true
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298351105.0000000000120000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298446950.000000000013F000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298537471.000000000014A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 0000000C.00000002.2298585405.000000000014C000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_12_2_120000_FastSRV.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                            • API String ID: 3511171328-631824599
                                                                                                                                                                                            • Opcode ID: 8fc8fdacfbf6fadcad69545db8a7a63e1d5a78bc74c2eb7eafc5e73ff1daa712
                                                                                                                                                                                            • Instruction ID: f6426a7123c11a94c3024451e93c6944bf3631175a22b48b4e5d8c351b54a834
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8fc8fdacfbf6fadcad69545db8a7a63e1d5a78bc74c2eb7eafc5e73ff1daa712
                                                                                                                                                                                            • Instruction Fuzzy Hash: ADE092B42007208BD7219F69FA047827BF0AF18741F40882DE546D7E51EBB5E454CFA2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                            Execution Coverage:1.5%
                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                            Signature Coverage:17.9%
                                                                                                                                                                                            Total number of Nodes:604
                                                                                                                                                                                            Total number of Limit Nodes:23
std::locale::_Setgloballocale 59499->59511 59654 b15c14 4 API calls 2 library calls 59500->59654 59502 b157fc 59647 b27a0d 59502->59647 59506 b1580a 59507 b156eb 59508 b1576c 59530 b15d2f 59508->59530 59510 b15772 59534 af1610 59510->59534 59511->59507 59511->59508 59650 b22c5f 16 API calls 3 library calls 59511->59650 59516 b1578e 59516->59502 59517 b15792 59516->59517 59518 b1579b 59517->59518 59652 b279c2 21 API calls std::locale::_Setgloballocale 59517->59652 59653 b15210 66 API calls ___scrt_uninitialize_crt 59518->59653 59521 b157a3 59521->59507 59523 b150a8 59522->59523 59656 b159f5 IsProcessorFeaturePresent 59523->59656 59525 b150b4 59657 b18cde 10 API calls 2 library calls 59525->59657 59527 b150bd 59527->59499 59528 b150b9 59528->59527 59658 b18cfd 7 API calls 2 library calls 59528->59658 59659 b17230 59530->59659 59532 b15d42 GetStartupInfoW 59533 b15d55 59532->59533 59533->59510 59660 afd190 59534->59660 59536 af1646 59537 ab3800 39 API calls 59536->59537 59538 af166c 59537->59538 59539 af2227 59538->59539 59543 ab2940 40 API calls 59538->59543 59686 ab35d0 HeapAlloc RaiseException Concurrency::cancel_current_task 59539->59686 59541 af2231 59687 b1a38f 29 API calls 2 library calls 59541->59687 59549 af1690 59543->59549 59544 af2236 59545 afed8e std::_Throw_Cpp_error 31 API calls 59544->59545 59547 af223d 59545->59547 59546 af16bd 59548 ab3800 39 API calls 59546->59548 59550 afed8e std::_Throw_Cpp_error 31 API calls 59547->59550 59551 af16c2 59548->59551 59549->59546 59684 ab2c70 31 API calls 4 library calls 59549->59684 59553 af224b 59550->59553 59551->59539 59554 ab2940 40 API calls 59551->59554 59555 af16ea 59554->59555 59556 af1700 59555->59556 59685 ab2c70 31 API calls 4 library calls 59555->59685 59556->59539 59558 af170e 59556->59558 59682 ace5d0 GetTickCount64 59558->59682 59560 af1770 OpenEventW 59561 af17a3 CreateEventW 59560->59561 59562 af1792 PulseEvent 59560->59562 59564 b24124 42 API calls 59561->59564 59563 af2140 59562->59563 59565 
afe132 13 API calls 59563->59565 59569 af17c9 59564->59569 59566 af2153 59565->59566 59566->59544 59567 af215e 59566->59567 59567->59547 59568 af216f __Mtx_unlock 59567->59568 59571 ad0a10 8 API calls 59568->59571 59570 ab2dd0 29 API calls 59569->59570 59573 af17e6 59569->59573 59570->59573 59578 af2189 __Mtx_destroy_in_situ 59571->59578 59572 af1823 59574 acffb0 59 API calls 59572->59574 59573->59572 59575 ace870 47 API calls 59573->59575 59582 af1841 59574->59582 59576 af1816 59575->59576 59577 ae3cc0 39 API calls 59576->59577 59577->59572 59580 af21c9 FreeLibrary 59578->59580 59584 af21da 59578->59584 59579 ac6060 62 API calls 59581 af18c0 59579->59581 59580->59584 59583 b1527a numpunct 30 API calls 59581->59583 59582->59579 59588 af1911 59583->59588 59585 b14f0a __ehhandler$?enable_segment@_Helper@_Concurrent_vector_base_v4@details@Concurrency@@SAIAAV234@II@Z 5 API calls 59584->59585 59586 af2221 59585->59586 59651 b15d65 GetModuleHandleW 59586->59651 59587 b1527a numpunct 30 API calls 59589 af1987 59587->59589 59588->59587 59590 b1527a numpunct 30 API calls 59589->59590 59592 af19e3 59590->59592 59591 b1527a numpunct 30 API calls 59593 af1a59 59591->59593 59592->59591 59594 b1527a numpunct 30 API calls 59593->59594 59595 af1a8f 59594->59595 59596 b1527a numpunct 30 API calls 59595->59596 59597 af1ae7 59596->59597 59598 b1527a numpunct 30 API calls 59597->59598 59599 af1b17 59598->59599 59600 b1527a numpunct 30 API calls 59599->59600 59601 af1b84 59600->59601 59602 ac6c00 31 API calls 59601->59602 59603 af1bc5 GetTickCount64 59602->59603 59604 ad5cc0 32 API calls 59603->59604 59605 af1bf9 GetTickCount64 59604->59605 59606 ad5cc0 32 API calls 59605->59606 59607 af1c27 GetTickCount64 59606->59607 59608 ad5cc0 32 API calls 59607->59608 59609 af1c55 59608->59609 59610 b1527a numpunct 30 API calls 59609->59610 59611 af1c5c 59610->59611 59612 b1527a numpunct 30 API calls 59611->59612 59613 af1c8c 59612->59613 59614 b1527a numpunct 30 API calls 59613->59614 59615 
af1d00 59614->59615 59616 b1527a numpunct 30 API calls 59615->59616 59617 af1d33 59616->59617 59618 b1527a numpunct 30 API calls 59617->59618 59619 af1da1 59618->59619 59620 af2490 31 API calls 59619->59620 59621 af1dee 59620->59621 59622 af1dfe 59621->59622 59623 af2490 31 API calls 59621->59623 59624 af1e4a 59622->59624 59625 af2490 31 API calls 59622->59625 59623->59622 59626 af1e96 59624->59626 59627 af2490 31 API calls 59624->59627 59625->59624 59628 af1ed4 59626->59628 59629 af2490 31 API calls 59626->59629 59627->59626 59630 af2490 31 API calls 59628->59630 59631 af1f12 ctype 59628->59631 59629->59628 59630->59631 59632 af2026 CreateNamedPipeW 59631->59632 59634 ac6340 42 API calls 59631->59634 59633 b24124 42 API calls 59632->59633 59635 af205f Sleep 59633->59635 59634->59631 59636 af207f 59635->59636 59637 af20a1 59635->59637 59638 af1420 99 API calls 59636->59638 59639 ace870 47 API calls 59637->59639 59641 af2084 ShellExecuteW 59638->59641 59640 af20ae 59639->59640 59642 af20b7 Sleep 59640->59642 59646 af20c4 ctype 59640->59646 59641->59640 59642->59642 59642->59646 59643 af2128 ctype 59644 ac6290 30 API calls 59643->59644 59645 af213d 59644->59645 59645->59563 59646->59541 59646->59643 59731 b27841 59647->59731 59650->59508 59651->59516 59652->59518 59653->59521 59654->59502 59655 b279d1 21 API calls std::locale::_Setgloballocale 59655->59506 59656->59525 59657->59528 59658->59527 59659->59532 59661 afd240 __Mtx_unlock 59660->59661 59662 afd1c3 59660->59662 59661->59536 59663 afe132 13 API calls 59662->59663 59664 afd1d4 59663->59664 59665 afd1df 59664->59665 59666 afd269 59664->59666 59667 afd1ef 59665->59667 59668 afd270 59665->59668 59719 afed8e 31 API calls 2 library calls 59666->59719 59667->59661 59671 b1527a numpunct 30 API calls 59667->59671 59720 afed8e 31 API calls 2 library calls 59668->59720 59673 afd206 59671->59673 59672 afd27d 59721 ab35d0 HeapAlloc RaiseException Concurrency::cancel_current_task 59672->59721 59675 ab3800 39 API calls 
59673->59675 59677 afd217 59675->59677 59676 afd287 59677->59672 59678 afd21d 59677->59678 59688 afd290 CoInitializeEx 59678->59688 59680 afd239 59718 afd630 56 API calls 59680->59718 59683 ae13f0 59682->59683 59684->59546 59685->59556 59686->59541 59689 afd429 59688->59689 59690 afd2e0 CoInitializeSecurity 59688->59690 59689->59680 59691 afd423 CoUninitialize 59690->59691 59692 afd300 CoCreateInstance 59690->59692 59691->59689 59692->59691 59693 afd327 59692->59693 59694 b1527a numpunct 30 API calls 59693->59694 59695 afd335 59694->59695 59696 afd348 SysAllocString 59695->59696 59698 afd36b 59695->59698 59697 afd616 _com_issue_error 59696->59697 59696->59698 59698->59697 59701 afd3c0 SysFreeString 59698->59701 59702 afd3cd ctype 59698->59702 59699 afd411 59699->59691 59700 afd3f6 CoSetProxyBlanket 59700->59699 59703 afd43f 59700->59703 59701->59702 59702->59699 59702->59700 59722 aee190 59703->59722 59705 afd453 59706 aee190 36 API calls 59705->59706 59707 afd469 59706->59707 59709 afd4b9 SysFreeString 59707->59709 59710 afd4c6 ctype 59707->59710 59708 afd5df CoUninitialize 59714 afd600 59708->59714 59709->59710 59711 afd50f SysFreeString 59710->59711 59712 afd51c ctype 59710->59712 59711->59712 59712->59699 59715 afd548 59712->59715 59714->59680 59715->59708 59729 ab2c70 31 API calls 4 library calls 59715->59729 59717 afd5c9 VariantClear 59717->59715 59718->59661 59721->59676 59723 b1527a numpunct 30 API calls 59722->59723 59724 aee1be 59723->59724 59726 aee1e7 _com_issue_error 59724->59726 59730 b14c30 24 API calls 5 library calls 59724->59730 59727 aee23f SysFreeString 59726->59727 59728 aee1fa ctype 59726->59728 59727->59728 59728->59705 59729->59717 59730->59726 59732 b27880 59731->59732 59733 b2786e 59731->59733 59743 b276d2 59732->59743 59758 b15d65 GetModuleHandleW 59733->59758 59736 b27873 59736->59732 59759 b27922 GetModuleHandleExW 59736->59759 59738 b15802 59738->59655 59742 b278d2 59744 b276de ___scrt_is_nonwritable_in_current_image 59743->59744 59765 
b24e1c EnterCriticalSection 59744->59765 59746 b276e8 59766 b27759 59746->59766 59748 b276f5 59770 b27713 59748->59770 59751 b278d8 59775 b27909 59751->59775 59753 b278e2 59754 b278f6 59753->59754 59755 b278e6 GetCurrentProcess TerminateProcess 59753->59755 59756 b27922 std::locale::_Setgloballocale 3 API calls 59754->59756 59755->59754 59757 b278fe ExitProcess 59756->59757 59758->59736 59760 b27982 59759->59760 59761 b27961 GetProcAddress 59759->59761 59763 b2787f 59760->59763 59764 b27988 FreeLibrary 59760->59764 59761->59760 59762 b27975 59761->59762 59762->59760 59763->59732 59764->59763 59765->59746 59768 b27765 ___scrt_is_nonwritable_in_current_image std::locale::_Setgloballocale 59766->59768 59769 b277c9 std::locale::_Setgloballocale 59768->59769 59773 b282dc 14 API calls 3 library calls 59768->59773 59769->59748 59774 b24e64 LeaveCriticalSection 59770->59774 59772 b27701 59772->59738 59772->59751 59773->59769 59774->59772 59778 b2d4ca 5 API calls std::locale::_Setgloballocale 59775->59778 59777 b2790e std::locale::_Setgloballocale 59777->59753 59778->59777

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?), ref: 00AE4FDE
                                                                                                                                                                                            • CoCreateInstance.OLE32(00B40450,00000000,00000001,00B40440,00000000), ref: 00AE5005
                                                                                                                                                                                            • SysAllocString.OLEAUT32 ref: 00AE504B
                                                                                                                                                                                            • SysFreeString.OLEAUT32(-00000001), ref: 00AE50B5
                                                                                                                                                                                            • CoSetProxyBlanket.OLE32(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00AE50FF
                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00AE51AA
                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00AE51F9
                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00AE529B
                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 00AE52AE
                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00AE551E
                                                                                                                                                                                            • VariantClear.OLEAUT32(00000003), ref: 00AE552B
                                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00AE55EB
                                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00AE55F5
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: StringVariant$Free$ClearInit_com_issue_error$AllocBlanketCreateInitializeInstanceProxySecurity
                                                                                                                                                                                            • String ID: Adapter$File System Driver$Kernel Driver$Own Process$ProcessId$ROOT\CIMV2$Recognizer Driver$SELECT ProcessId, ServiceType FROM Win32_Service$ServiceType$Share Process$WQL
                                                                                                                                                                                            • API String ID: 1750940811-821176035
                                                                                                                                                                                            • Opcode ID: 624567ab7b5a15b878efdcf4a573186c6d51a084d89a5730620ab0d7dca07a20
                                                                                                                                                                                            • Instruction ID: 9b4eea799248bd19638fac260aec95890a60524c6d4b3e8974a35c70f93258eb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 624567ab7b5a15b878efdcf4a573186c6d51a084d89a5730620ab0d7dca07a20
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2612DF71E007459BEB24DFB5D815BAEB7F5BF14708F244158E846AB281EB71EE80CB50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00AFD190: __Mtx_unlock.LIBCPMT ref: 00AFD24C
                                                                                                                                                                                            • OpenEventW.KERNEL32(001F0003,00000001,Local\fast!,/noui), ref: 00AF177C
                                                                                                                                                                                            • PulseEvent.KERNEL32(00000258), ref: 00AF1798
                                                                                                                                                                                            • CreateEventW.KERNEL32(00000000,00000000,00000000,Local\fast!), ref: 00AF17AE
                                                                                                                                                                                            • GetTickCount64.KERNEL32 ref: 00AF1BCB
                                                                                                                                                                                            • GetTickCount64.KERNEL32 ref: 00AF1BF9
                                                                                                                                                                                            • GetTickCount64.KERNEL32 ref: 00AF1C27
                                                                                                                                                                                              • Part of subcall function 00AF2490: Concurrency::cancel_current_task.LIBCPMT ref: 00AF263B
                                                                                                                                                                                            • CreateNamedPipeW.KERNEL32(\\.\pipe\veryfastapp,00000003,00000000,00000001,00004000,00004000,00000000,00000000,00000000,?,00000000,?,00000000,?,00000000,?), ref: 00AF203F
                                                                                                                                                                                            • Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?), ref: 00AF2074
                                                                                                                                                                                            • ShellExecuteW.SHELL32(00000000,open,nwjs\nw,ui\.,00000000,00000001), ref: 00AF2099
                                                                                                                                                                                            • Sleep.KERNEL32(00000064,00000001,?,?,?,?,?,?,?,?), ref: 00AF20B9
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AF2176
                                                                                                                                                                                            • __Mtx_destroy_in_situ.LIBCPMT ref: 00AF2190
                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00000001,?,?,?,?,?,?,?,?), ref: 00AF21CA
                                                                                                                                                                                              • Part of subcall function 00AF1420: GetModuleFileNameW.KERNEL32(00000000,?,00000104,B994DF4A), ref: 00AF145A
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Count64EventTick$CreateMtx_unlockSleep$Concurrency::cancel_current_taskExecuteFileFreeLibraryModuleMtx_destroy_in_situNameNamedOpenPipePulseShell
                                                                                                                                                                                            • String ID: /noui$Local\fast!$\\.\pipe\veryfastapp$nwjs\nw$open$ui\.$y${
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,SeDebugPrivilege,B994DF4A), ref: 00ACF0C4
                                                                                                                                                                                            • GetLastError.KERNEL32(Error), ref: 00ACF15C
                                                                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 00ACF1BB
                                                                                                                                                                                            • OpenProcessToken.ADVAPI32(00000000,00000020,?), ref: 00ACF1C8
                                                                                                                                                                                            • AdjustTokenPrivileges.KERNELBASE(?,00000000,00000001,00000010,00000000,00000000), ref: 00ACF2CB
                                                                                                                                                                                            • GetLastError.KERNEL32(Error), ref: 00ACF260
                                                                                                                                                                                              • Part of subcall function 00AB3800: GetProcessHeap.KERNEL32 ref: 00AB382C
                                                                                                                                                                                              • Part of subcall function 00AB2940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,B994DF4A,?,?,?,00000000,00B38670,000000FF,?,80004005), ref: 00AB297A
                                                                                                                                                                                            • GetLastError.KERNEL32(Error), ref: 00ACF363
                                                                                                                                                                                            • FindCloseChangeNotification.KERNELBASE(?), ref: 00ACF3BB
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLastProcess$FindToken$AdjustChangeCloseCurrentHeapLookupNotificationOpenPrivilegePrivilegesResourceValue
                                                                                                                                                                                            • String ID: AdjustTokenPrivileges error.$Error$LookupPrivilegeValue error.$OpenProcessToken failed with error.$SeDebugPrivilege
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000,B994DF4A,?,00000010), ref: 00AFD2D2
                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000010), ref: 00AFD2F2
                                                                                                                                                                                            • CoCreateInstance.OLE32(00B40450,00000000,00000001,00B40440,?,?,00000010), ref: 00AFD319
                                                                                                                                                                                            • SysAllocString.OLEAUT32(ROOT\CIMV2), ref: 00AFD35B
                                                                                                                                                                                            • SysFreeString.OLEAUT32 ref: 00AFD3C1
                                                                                                                                                                                            • CoSetProxyBlanket.OLE32(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00AFD407
                                                                                                                                                                                            • CoUninitialize.OLE32(?,00000010), ref: 00AFD423
                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00AFD4BA
                                                                                                                                                                                            • SysFreeString.OLEAUT32(00000000), ref: 00AFD510
                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 00AFD5CD
                                                                                                                                                                                            • CoUninitialize.OLE32(00000000), ref: 00AFD5F7
                                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00AFD61B
                                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00AFD625
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: String$Free$InitializeUninitialize_com_issue_error$AllocBlanketClearCreateInstanceProxySecurityVariant
                                                                                                                                                                                            • String ID: ROOT\CIMV2$SELECT * FROM Win32_ComputerSystemProduct$UUID$WQL
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00AB3800: GetProcessHeap.KERNEL32 ref: 00AB382C
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00ACE83C
                                                                                                                                                                                              • Part of subcall function 00AB2940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,B994DF4A,?,?,?,00000000,00B38670,000000FF,?,80004005), ref: 00AB297A
                                                                                                                                                                                            • OpenSCManagerW.ADVAPI32 ref: 00ACE73B
                                                                                                                                                                                            • OpenServiceW.ADVAPI32(00000000,?,000F003F), ref: 00ACE751
                                                                                                                                                                                            • ControlService.ADVAPI32(00000000,00000001,?), ref: 00ACE774
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: OpenService$ControlFindHeapManagerMtx_unlockProcessResource
                                                                                                                                                                                            • String ID: FastSrv
                                                                                                                                                                                            • API String ID: 1621622955-3919950210
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AE1147
                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(B994DF4A,?,?,?,00ACE670), ref: 00AE142D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentMtx_unlockProcess
                                                                                                                                                                                            • String ID: invalid unordered_map<K, T> key$T8
                                                                                                                                                                                            • API String ID: 2892850118-3870718432
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RegCreateKeyW.ADVAPI32(80000002,?,B994DF4A), ref: 00AF3110
                                                                                                                                                                                            • RegQueryValueExW.KERNELBASE(?,SettingV1,00000000,?,?,?), ref: 00AF3142
                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00AF314E
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseCreateHandleQueryValue
                                                                                                                                                                                            • String ID: SettingV1
                                                                                                                                                                                            • API String ID: 1834280758-37080684
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RegQueryValueExW.KERNELBASE(?,?,00000000,?,00000000,?), ref: 00AD0E30
                                                                                                                                                                                            • CloseHandle.KERNEL32(?,00000000,?), ref: 00AD0E3D
                                                                                                                                                                                              • Part of subcall function 00AB3800: GetProcessHeap.KERNEL32 ref: 00AB382C
                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00AD0F02
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseHandle$HeapProcessQueryValue
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2212251029-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AFD24C
                                                                                                                                                                                              • Part of subcall function 00AB3800: GetProcessHeap.KERNEL32 ref: 00AB382C
                                                                                                                                                                                              • Part of subcall function 00AFD290: CoInitializeEx.OLE32(00000000,00000000,B994DF4A,?,00000010), ref: 00AFD2D2
                                                                                                                                                                                              • Part of subcall function 00AFD290: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000010), ref: 00AFD2F2
                                                                                                                                                                                              • Part of subcall function 00AFD290: CoCreateInstance.OLE32(00B40450,00000000,00000001,00B40440,?,?,00000010), ref: 00AFD319
                                                                                                                                                                                              • Part of subcall function 00AFD290: SysAllocString.OLEAUT32(ROOT\CIMV2), ref: 00AFD35B
                                                                                                                                                                                              • Part of subcall function 00AFD290: SysFreeString.OLEAUT32 ref: 00AFD3C1
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AFD26B
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AFD278
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorInitializeStringThrow_std::_$AllocCreateFreeHeapInstanceMtx_unlockProcessSecurity
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1505922456-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,?,00B278D2,?,00B1A182,?,?,B994DF4A,00B1A182,?), ref: 00B278E9
                                                                                                                                                                                            • TerminateProcess.KERNEL32(00000000,?,00B278D2,?,00B1A182,?,?,B994DF4A,00B1A182,?), ref: 00B278F0
                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00B27902
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE1A22
                                                                                                                                                                                              • Part of subcall function 00AE3D70: LoadLibraryW.KERNEL32(ntdll.dll,B994DF4A,?,?,00000006,00000005,00000005,?,?,?,?,?,00000005,00000006,00000005), ref: 00AE3D9C
                                                                                                                                                                                              • Part of subcall function 00AE3D70: GetProcAddress.KERNEL32(00000000,NtWow64ReadVirtualMemory64), ref: 00AE3DB0
                                                                                                                                                                                              • Part of subcall function 00AE3D70: GetProcAddress.KERNEL32(00000000,NtWow64QueryInformationProcess64), ref: 00AE3DB8
                                                                                                                                                                                              • Part of subcall function 00AE3D70: GetProcAddress.KERNEL32(00000000,NtQueryInformationProcess), ref: 00AE3DC0
                                                                                                                                                                                              • Part of subcall function 00AE3D70: GetProcAddress.KERNEL32(00000000,NtSetInformationProcess), ref: 00AE3DCD
                                                                                                                                                                                              • Part of subcall function 00AE3D70: GetProcAddress.KERNEL32(00000000,NtSuspendProcess), ref: 00AE3DDA
                                                                                                                                                                                              • Part of subcall function 00AE3D70: GetProcAddress.KERNEL32(00000000,NtResumeProcess), ref: 00AE3DE7
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AE19FB
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressProc$Cpp_errorLibraryLoadMtx_unlockThrow_std::_
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2423495643-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000,B994DF4A,?,00000000), ref: 00AE4F52
                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?), ref: 00AE4FDE
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Initialize$Security
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 119290355-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 1062 b2a5ab-b2a5b4 1063 b2a5e3-b2a5e4 1062->1063 1064 b2a5b6-b2a5c9 RtlFreeHeap 1062->1064 1064->1063 1065 b2a5cb-b2a5e2 GetLastError call b1a3e0 call b1a47d 1064->1065 1065->1063
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RtlFreeHeap.NTDLL(00000000,00000000,?,00B30E26,?,00000000,?,?,00B310C7,?,00000007,?,?,00B315BB,?,?), ref: 00B2A5C1
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,00B30E26,?,00000000,?,?,00B310C7,?,00000007,?,?,00B315BB,?,?), ref: 00B2A5CC
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFreeHeapLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 485612231-0
                                                                                                                                                                                            • Opcode ID: ad499faf8d7091ea51c19745ad2bb81113a3fc12ca9fd63a3a2656956b012c68
                                                                                                                                                                                            • Instruction ID: 4b186830c74121e8f4e62f5ef63746b4602209bb28a926e87bf36d6f7d52dbb8
                                                                                                                                                                                            • Opcode Fuzzy Hash: ad499faf8d7091ea51c19745ad2bb81113a3fc12ca9fd63a3a2656956b012c68
                                                                                                                                                                                            • Instruction Fuzzy Hash: 97E0863210121467CB163BA0FD09B963B98EB013A1F0400A0F60C87170DA749A908789
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • PowerGetActiveScheme.POWRPROF(00000000,00000000,00000010,00000000,00000000,?,00000000,?,?,?,00000000,?), ref: 00ADA9B6
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ActivePowerScheme
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 556561246-0
                                                                                                                                                                                            • Opcode ID: 30600f2d9bba62f2ac228fea89d82a7d7fa7abcab9c4acaccc5db78c58ccbf41
                                                                                                                                                                                            • Instruction ID: fbe9f03f3039f814388322338b45569f863b021f3dc38b8ced10e9a192b12431
                                                                                                                                                                                            • Opcode Fuzzy Hash: 30600f2d9bba62f2ac228fea89d82a7d7fa7abcab9c4acaccc5db78c58ccbf41
                                                                                                                                                                                            • Instruction Fuzzy Hash: E81204B0C15769CAEB21CF24C9487D9BBB0BF59308F1092D9D94C6B252EBB56AC4CF50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            control_flow_graph 1125 ace5d0-ace66b GetTickCount64 call ae13f0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetTickCount64.KERNEL32 ref: 00ACE658
                                                                                                                                                                                              • Part of subcall function 00AE1114: GetCurrentProcessId.KERNEL32(B994DF4A,?,?,?,00ACE670), ref: 00AE142D
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Count64CurrentProcessTick
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 394760598-0
                                                                                                                                                                                            • Opcode ID: 4521fd677f4f04e54cce7c7d3973c0f9ceb1e296a199c7f5a9a5e36aa8d6a38d
                                                                                                                                                                                            • Instruction ID: 7901d7288d12fa9dfea40fc5ef2416beea79dbf62aa1470642fb91c4a7721603
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4521fd677f4f04e54cce7c7d3973c0f9ceb1e296a199c7f5a9a5e36aa8d6a38d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 571127B0815B44DFD360DF2AC984707BFF8FB09714F504A2DE49A97A80D7B4A5088BA2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • NtQueryInformationProcess.NTDLL(?,00000021,?,00000004,00000004), ref: 00AE4961
                                                                                                                                                                                            • GetProcessPriorityBoost.KERNEL32(?,?), ref: 00AE498C
                                                                                                                                                                                            • NtQueryInformationProcess.NTDLL(?,0000004D,?,0000000C,00000004), ref: 00AE4ADB
                                                                                                                                                                                              • Part of subcall function 00AB3800: GetProcessHeap.KERNEL32 ref: 00AB382C
                                                                                                                                                                                              • Part of subcall function 00AB2940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,B994DF4A,?,?,?,00000000,00B38670,000000FF,?,80004005), ref: 00AB297A
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Process$InformationQuery$BoostFindHeapPriorityResource
                                                                                                                                                                                            • String ID: Error$GetProcessPriorityBoost failed.$NtQueryInformationProcess( IoPriority ) failed.$NtQueryInformationProcess( MemoryPriority ) failed.$NtQueryInformationProcess( PowerThrottling ) failed.
                                                                                                                                                                                            • API String ID: 1022449687-538589305
                                                                                                                                                                                            • Opcode ID: 292bfce5457c4cbd58652c9798a028a80093e73017a912d043f13c1592681904
                                                                                                                                                                                            • Instruction ID: f40d199fe31989b42a1d6522b03adfd6824a84d061fcc52f76e5b416d6a1fd42
                                                                                                                                                                                            • Opcode Fuzzy Hash: 292bfce5457c4cbd58652c9798a028a80093e73017a912d043f13c1592681904
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1512B130D01689CBEB10DFE9C955BDDFBB4BF55314F248298E414AB292EBB49E44CB90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • InternetCheckConnectionW.WININET(https://veryfast.io/,00000001,00000000), ref: 00ACF460
                                                                                                                                                                                            • InternetCheckConnectionW.WININET(https://veryfast.io/,00000001,00000000), ref: 00ACF4B4
                                                                                                                                                                                            • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 00ACF674
                                                                                                                                                                                            • RegSetKeyValueW.ADVAPI32(?,00B4BC8C,SettingV1,00000001,?,?,?,00B60548), ref: 00ACF6AE
                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,00B60548), ref: 00ACF6C5
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CheckConnectionInternet$CloseCreateHandleValue
                                                                                                                                                                                            • String ID: SettingV1$https://veryfast.io/
                                                                                                                                                                                            • API String ID: 2665258096-3191702569
                                                                                                                                                                                            • Opcode ID: 3df74b1f139adf55d23d8f45ffd9631d23858510669ab3f25061b008887f7c52
                                                                                                                                                                                            • Instruction ID: 010df3b4219ade0b6a9e9275553f952261b1ba6c5e8d71e47b404fa043d9b5ed
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3df74b1f139adf55d23d8f45ffd9631d23858510669ab3f25061b008887f7c52
                                                                                                                                                                                            • Instruction Fuzzy Hash: D8A1D571D002489FDB10DFA4C985FAEB7F9EF14310F158269F916AB2D1EB74AA44CB50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • LoadLibraryW.KERNEL32(gdi32.dll,?,?,00AD0CFE,?,00000005), ref: 00AD0BAF
                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,GetDeviceGammaRamp), ref: 00AD0BC1
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,SetDeviceGammaRamp), ref: 00AD0BD1
                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000005), ref: 00AD0BEA
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressLibraryProc$FreeLoad
                                                                                                                                                                                            • String ID: GetDeviceGammaRamp$SetDeviceGammaRamp$gdi32.dll
                                                                                                                                                                                            • API String ID: 2256533930-872364236
                                                                                                                                                                                            • Opcode ID: 5d25e31c575d1c6746c98ef999a8e1393e3f04db5d753a9d91518ee79e815c76
                                                                                                                                                                                            • Instruction ID: ac2a89f10580764281b486082adf7cfcb07794f184ce04522350e868138a8321
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d25e31c575d1c6746c98ef999a8e1393e3f04db5d753a9d91518ee79e815c76
                                                                                                                                                                                            • Instruction Fuzzy Hash: 28F01FB8654213EFDB005FBA8888E15FBA8FB1430AB10C43BEA12D3211DB71C960CA60
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?,B994DF4A,?,?), ref: 00AEE38A
                                                                                                                                                                                            • OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 00AEE3A8
                                                                                                                                                                                            • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 00AEE3CF
                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32(?,B994DF4A,?,?), ref: 00AEE433
                                                                                                                                                                                            • OpenProcess.KERNEL32(001FFFFF,00000000,?), ref: 00AEE451
                                                                                                                                                                                            • GetProcessTimes.KERNEL32(00000000,?,?,?,?), ref: 00AEE479
                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00AEE609
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ProcessTime$FileOpenSystemTimes$CloseHandle
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4159735832-0
                                                                                                                                                                                            • Opcode ID: bdd254c956bacd98e09c4afd57afcf44cb0dc1f57f00094d35f814964c775acb
                                                                                                                                                                                            • Instruction ID: 2a1c83606162f6a25f2b9bd330ba6834341218373acb6f37f87c6e2eb622a84c
                                                                                                                                                                                            • Opcode Fuzzy Hash: bdd254c956bacd98e09c4afd57afcf44cb0dc1f57f00094d35f814964c775acb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 02A19C71E20A19DBCB15DFB9C941AAEB7B5FF59310F10832AE905A7250EB30B945CB90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000079), ref: 00AD5876
                                                                                                                                                                                            • GetAsyncKeyState.USER32(00000012), ref: 00AD5883
                                                                                                                                                                                            • GetTickCount64.KERNEL32 ref: 00AD58BC
                                                                                                                                                                                            • GetTickCount64.KERNEL32 ref: 00AD5913
                                                                                                                                                                                            • GetTickCount64.KERNEL32 ref: 00AD5940
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • invalid unordered_map<K, T> key, xrefs: 00AD5965
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Count64Tick$AsyncState
                                                                                                                                                                                            • String ID: invalid unordered_map<K, T> key
                                                                                                                                                                                            • API String ID: 381133608-353222475
                                                                                                                                                                                            • Opcode ID: 1cdda80e1ea1a7e9e468bda19bdbad2b4a4b7ea83a12b518d1c037b165790c04
                                                                                                                                                                                            • Instruction ID: 206a871ba07ddaefbcf673cb5bc820e9bf63326dc06d9edf2f14505729efacd3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1cdda80e1ea1a7e9e468bda19bdbad2b4a4b7ea83a12b518d1c037b165790c04
                                                                                                                                                                                            • Instruction Fuzzy Hash: 86319E769053059BC700EF64D98199BBBECFF88310F40066FF99697251EB30E949DBA2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,2000000B,00B328E3,00000002,00000000,?,?,?,00B328E3,?,00000000), ref: 00B3266A
                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,20001004,00B328E3,00000002,00000000,?,?,?,00B328E3,?,00000000), ref: 00B32693
                                                                                                                                                                                            • GetACP.KERNEL32(?,?,00B328E3,?,00000000), ref: 00B326A8
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: InfoLocale
                                                                                                                                                                                            • String ID: ACP$OCP
                                                                                                                                                                                            • API String ID: 2299586839-711371036
                                                                                                                                                                                            • Opcode ID: a933ac9889d465bbf2e2e5b247ef3004caffa7a4bb4545bb30dff1abd7065710
                                                                                                                                                                                            • Instruction ID: 91f89d5d54e7d947840cf708d6bb77a34c523070eccb5ea052e700828334dfd4
                                                                                                                                                                                            • Opcode Fuzzy Hash: a933ac9889d465bbf2e2e5b247ef3004caffa7a4bb4545bb30dff1abd7065710
                                                                                                                                                                                            • Instruction Fuzzy Hash: AC21B076A10105AAEB348F64C906B9B73E6FF54B54F7784E4E90AD7200EB32EE40D390
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00B2A2C0: GetLastError.KERNEL32(?,00000000,00B22C70,00B591C0,00000008,00000003,00B1A182,?,00B1A0F1,00000004,?,00B1A300), ref: 00B2A2C4
                                                                                                                                                                                              • Part of subcall function 00B2A2C0: SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,?,?,?,00000000,?,?,?,00B280B6,00B59328,0000000C,00B28374), ref: 00B2A366
                                                                                                                                                                                            • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00B328B5
                                                                                                                                                                                            • IsValidCodePage.KERNEL32(00000000), ref: 00B328F3
                                                                                                                                                                                            • IsValidLocale.KERNEL32(?,00000001), ref: 00B32906
                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00B3294E
                                                                                                                                                                                            • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00B32969
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 415426439-0
                                                                                                                                                                                            • Opcode ID: 8d11d45b3d280d74d6a8006598721e47c144c22d406c798f73177492cb615f7d
                                                                                                                                                                                            • Instruction ID: e6aff906ac48f9d6b4e28604bea945db57e27463e09977edcef9f612290c19cd
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d11d45b3d280d74d6a8006598721e47c144c22d406c798f73177492cb615f7d
                                                                                                                                                                                            • Instruction Fuzzy Hash: ED517171A10616AFEF14EFA5DC41BBEB7F8FF04700F2845A9A900E7191DB709A44CB61
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
• Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000), ref: 00B2F491
                                                                                                                                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00B2F50C
                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00B2F52E
                                                                                                                                                                                            • FindClose.KERNEL32(00000000), ref: 00B2F551
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Find$CloseFile$FirstNext
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1164774033-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00B15C20
                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32 ref: 00B15CEC
                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00B15D0C
                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00B15D16
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 254469556-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • LoadResource.KERNEL32(00000000,00000000,00000001,00000000,?,?,00AB351C,?,?,00000000,00000000,?,?,?), ref: 00AB346C
                                                                                                                                                                                            • LockResource.KERNEL32(00000000,?,?,00AB351C,?,?,00000000,00000000,?,?,?,?,?,00AB296A,?,?), ref: 00AB3477
                                                                                                                                                                                            • SizeofResource.KERNEL32(00000000,00000000,?,?,00AB351C,?,?,00000000,00000000,?,?,?,?,?,00AB296A), ref: 00AB3485
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Resource$LoadLockSizeof
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2853612939-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00B2D227,00000000,00000000,00000000), ref: 00B2D0E6
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: InformationTimeZone
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 565725191-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00AF3AAC,DisplayVersion,00000000,00000001,0161ED38,00000000,2.338,00000005,B994DF4A,?), ref: 00AF3D24
                                                                                                                                                                                            • RegSetValueExW.ADVAPI32(00AF3AAC,?,00000000,00000001,?,00000000,3F800000,00000010), ref: 00AF3FDB
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                            • String ID: 2.338$DisplayVersion$LostVersion$cpu_name$dsk_iosec$dsk_mbsec$gpu_name$gpu_ram$os_architecture$os_installdate$os_mem$os_name$os_virtmem$pc_vendor$pc_version
                                                                                                                                                                                            • API String ID: 3702945584-2557194662
                                                                                                                                                                                            • Opcode ID: 319ade4a5e7ca345cb3ea099a8aee3f11412e2edd8853aa35d087fb1769a88ef
                                                                                                                                                                                            • Instruction ID: e650bef3c3657e855fc31e4a5024e08ec88d048d06ce1e5821e240c52caac378
                                                                                                                                                                                            • Opcode Fuzzy Hash: 319ade4a5e7ca345cb3ea099a8aee3f11412e2edd8853aa35d087fb1769a88ef
                                                                                                                                                                                            • Instruction Fuzzy Hash: 11B1C6B291121DDFCF14DF81D899BEEBBF8BB14314F404159E502A7291DBB86A49CFA0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AE36C6
                                                                                                                                                                                              • Part of subcall function 00AEED90: __Mtx_unlock.LIBCPMT ref: 00AEEE09
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AE3756
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AE3783
                                                                                                                                                                                              • Part of subcall function 00AEED90: std::_Throw_Cpp_error.LIBCPMT ref: 00AEEE1D
                                                                                                                                                                                              • Part of subcall function 00AEED90: std::_Throw_Cpp_error.LIBCPMT ref: 00AEEE28
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AE37FC
                                                                                                                                                                                            • GetWindowTextW.USER32(?,?,000000FF), ref: 00AE381F
                                                                                                                                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00AE3848
                                                                                                                                                                                            • __Xtime_get_ticks.LIBCPMT ref: 00AE3872
                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AE3880
                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,?,?,00000000,00000000,?,00002710,00000000), ref: 00AE38B4
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE390E
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3919
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3920
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE392E
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3935
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3940
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • { "fast":{ "fast_tutorial_benchmark_done":%lld } }, xrefs: 00AE388D
                                                                                                                                                                                            • __fasttest__, xrefs: 00AE382B
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$Mtx_unlock$FileMessagePostTextUnothrow_t@std@@@WindowWriteXtime_get_ticks__ehfuncinfo$??2@
                                                                                                                                                                                            • String ID: __fasttest__${ "fast":{ "fast_tutorial_benchmark_done":%lld } }
                                                                                                                                                                                            • API String ID: 2821475390-3036676175
                                                                                                                                                                                            • Opcode ID: 97346ccebc13e5a859331716e7d60d03ec9b74cc5d89c2ea77680947ca47045a
                                                                                                                                                                                            • Instruction ID: 7831b5b7de3b79d251d5cd6441a8060d0bff743f96d84378e2c5c24a6c74440f
                                                                                                                                                                                            • Opcode Fuzzy Hash: 97346ccebc13e5a859331716e7d60d03ec9b74cc5d89c2ea77680947ca47045a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0951D37194125CAFDB20EFA5CD49BAE73B8AF14310F1002A9F919A72D2EB709B44CF55
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B0B06C
                                                                                                                                                                                            • ctype.LIBCPMT ref: 00B0B0B3
                                                                                                                                                                                              • Part of subcall function 00B0A8AA: __Getctype.LIBCPMT ref: 00B0A8B9
                                                                                                                                                                                              • Part of subcall function 00B068D0: __EH_prolog3.LIBCMT ref: 00B068D7
                                                                                                                                                                                              • Part of subcall function 00B068D0: std::_Lockit::_Lockit.LIBCPMT ref: 00B068E1
                                                                                                                                                                                              • Part of subcall function 00B068D0: int.LIBCPMT ref: 00B068F8
                                                                                                                                                                                              • Part of subcall function 00B069FA: __EH_prolog3.LIBCMT ref: 00B06A01
                                                                                                                                                                                              • Part of subcall function 00B069FA: std::_Lockit::_Lockit.LIBCPMT ref: 00B06A0B
                                                                                                                                                                                              • Part of subcall function 00B069FA: int.LIBCPMT ref: 00B06A22
                                                                                                                                                                                              • Part of subcall function 00B06BB9: __EH_prolog3.LIBCMT ref: 00B06BC0
                                                                                                                                                                                              • Part of subcall function 00B06BB9: std::_Lockit::_Lockit.LIBCPMT ref: 00B06BCA
                                                                                                                                                                                              • Part of subcall function 00B06BB9: int.LIBCPMT ref: 00B06BE1
                                                                                                                                                                                              • Part of subcall function 00B06BB9: std::_Lockit::~_Lockit.LIBCPMT ref: 00B06C3B
                                                                                                                                                                                              • Part of subcall function 00B06B24: __EH_prolog3.LIBCMT ref: 00B06B2B
                                                                                                                                                                                              • Part of subcall function 00B06B24: std::_Lockit::_Lockit.LIBCPMT ref: 00B06B35
                                                                                                                                                                                              • Part of subcall function 00B06B24: int.LIBCPMT ref: 00B06B4C
                                                                                                                                                                                              • Part of subcall function 00B0194B: __EH_prolog3.LIBCMT ref: 00B01952
                                                                                                                                                                                              • Part of subcall function 00B0194B: std::_Lockit::_Lockit.LIBCPMT ref: 00B0195C
                                                                                                                                                                                              • Part of subcall function 00B0194B: std::_Lockit::~_Lockit.LIBCPMT ref: 00B01A03
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B269
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B2C3
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B306
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B349
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B3B5
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B43A
                                                                                                                                                                                            • numpunct.LIBCPMT ref: 00B0B461
                                                                                                                                                                                              • Part of subcall function 00B07355: __EH_prolog3.LIBCMT ref: 00B0735C
                                                                                                                                                                                              • Part of subcall function 00B06FCC: __EH_prolog3.LIBCMT ref: 00B06FD3
                                                                                                                                                                                              • Part of subcall function 00B06FCC: std::_Lockit::_Lockit.LIBCPMT ref: 00B06FDD
                                                                                                                                                                                              • Part of subcall function 00B06FCC: int.LIBCPMT ref: 00B06FF4
                                                                                                                                                                                              • Part of subcall function 00B06FCC: std::_Lockit::~_Lockit.LIBCPMT ref: 00B0704E
                                                                                                                                                                                              • Part of subcall function 00B070F6: __EH_prolog3.LIBCMT ref: 00B070FD
                                                                                                                                                                                              • Part of subcall function 00B070F6: std::_Lockit::_Lockit.LIBCPMT ref: 00B07107
                                                                                                                                                                                              • Part of subcall function 00B070F6: int.LIBCPMT ref: 00B0711E
                                                                                                                                                                                              • Part of subcall function 00B070F6: std::_Lockit::~_Lockit.LIBCPMT ref: 00B07178
                                                                                                                                                                                              • Part of subcall function 00B0194B: Concurrency::cancel_current_task.LIBCPMT ref: 00B01A0E
                                                                                                                                                                                              • Part of subcall function 00B0194B: __EH_prolog3.LIBCMT ref: 00B01A1B
                                                                                                                                                                                              • Part of subcall function 00B06552: __EH_prolog3.LIBCMT ref: 00B06559
                                                                                                                                                                                              • Part of subcall function 00B06552: std::_Lockit::_Lockit.LIBCPMT ref: 00B06563
                                                                                                                                                                                              • Part of subcall function 00B06552: int.LIBCPMT ref: 00B0657A
                                                                                                                                                                                              • Part of subcall function 00B06552: std::_Lockit::~_Lockit.LIBCPMT ref: 00B065D4
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B48A
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B088
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B0F2
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B138
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B17B
                                                                                                                                                                                            • collate.LIBCPMT ref: 00B0B1E7
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B201
                                                                                                                                                                                            • __Getcoll.LIBCPMT ref: 00B0B227
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B4F2
                                                                                                                                                                                            • codecvt.LIBCPMT ref: 00B0B512
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$H_prolog3$Lockit::_$Lockit::~_$Concurrency::cancel_current_taskGetcollGetctypecodecvtcollatectypenumpunct
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3571528127-0
                                                                                                                                                                                            • Opcode ID: f2752f810125c8e8dc976e2d966e4575f1365622e05690fc2b64dc2ff7aac487
                                                                                                                                                                                            • Instruction ID: 7c930522a71a27a4915154813a9f7f083968f5863c95233d73200f801e3a23e0
                                                                                                                                                                                            • Opcode Fuzzy Hash: f2752f810125c8e8dc976e2d966e4575f1365622e05690fc2b64dc2ff7aac487
                                                                                                                                                                                            • Instruction Fuzzy Hash: 72E19F728002169BDB15AFA88C52EBF7EF4EF40360F1485E9F955673D2EB718E009B91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00AE4365
                                                                                                                                                                                            • GlobalAlloc.KERNEL32(00000040,00000000), ref: 00AE4433
                                                                                                                                                                                            • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000), ref: 00AE444A
                                                                                                                                                                                            • VerQueryValueW.VERSION(00000000,00B4BDAC,?,?), ref: 00AE446A
                                                                                                                                                                                            • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?), ref: 00AE4480
                                                                                                                                                                                            • wsprintfW.USER32 ref: 00AE44A4
                                                                                                                                                                                            • VerQueryValueW.VERSION(00000000,?,?,?), ref: 00AE44C3
                                                                                                                                                                                            • GlobalFree.KERNEL32(00000000), ref: 00AE4503
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE4696
                                                                                                                                                                                              • Part of subcall function 00AB3800: GetProcessHeap.KERNEL32 ref: 00AB382C
                                                                                                                                                                                              • Part of subcall function 00AB2940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,B994DF4A,?,?,?,00000000,00B38670,000000FF,?,80004005), ref: 00AB297A
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AE4548
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AE45F8
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE4678
                                                                                                                                                                                              • Part of subcall function 00AB35D0: HeapAlloc.KERNEL32(?,00000000,?,?,?,00B5975C,?,?,00AB108B,80004005,B994DF4A,?,00B3A44F,000000FF), ref: 00AB35FB
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: QueryValue$AllocCpp_errorFileGlobalHeapInfoMtx_unlockThrow_Versionstd::_$FindFreeProcessResourceSizewsprintf
                                                                                                                                                                                            • String ID: ProductName$\StringFileInfo\%04x%04x\%s$\VarFileInfo\Translation$windows\system32\svchost.exe
                                                                                                                                                                                            • API String ID: 997533036-3412287681
                                                                                                                                                                                            • Opcode ID: c321b8fd23920a90bde65815883385b41749b94ad4e6ddf2f6536396f7db57b4
                                                                                                                                                                                            • Instruction ID: f2c82baeb06d72e0e235938378acf4115535207426fa982302047cf6cd6dd848
                                                                                                                                                                                            • Opcode Fuzzy Hash: c321b8fd23920a90bde65815883385b41749b94ad4e6ddf2f6536396f7db57b4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 24A1E6716012459BDB10DF69CC45BAAB7BDEF19314F1482A9F9159B292EB30DE01CF90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B0B548
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B745
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B79F
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B7E2
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B825
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B891
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B916
                                                                                                                                                                                              • Part of subcall function 00ADFA50: __Getctype.LIBCPMT ref: 00ADFA5D
                                                                                                                                                                                              • Part of subcall function 00B06965: __EH_prolog3.LIBCMT ref: 00B0696C
                                                                                                                                                                                              • Part of subcall function 00B06965: std::_Lockit::_Lockit.LIBCPMT ref: 00B06976
                                                                                                                                                                                              • Part of subcall function 00B06965: int.LIBCPMT ref: 00B0698D
                                                                                                                                                                                              • Part of subcall function 00B06A8F: __EH_prolog3.LIBCMT ref: 00B06A96
                                                                                                                                                                                              • Part of subcall function 00B06A8F: std::_Lockit::_Lockit.LIBCPMT ref: 00B06AA0
                                                                                                                                                                                              • Part of subcall function 00B06A8F: int.LIBCPMT ref: 00B06AB7
                                                                                                                                                                                              • Part of subcall function 00B06CE3: __EH_prolog3.LIBCMT ref: 00B06CEA
                                                                                                                                                                                              • Part of subcall function 00B06CE3: std::_Lockit::_Lockit.LIBCPMT ref: 00B06CF4
                                                                                                                                                                                              • Part of subcall function 00B06CE3: int.LIBCPMT ref: 00B06D0B
                                                                                                                                                                                              • Part of subcall function 00B06CE3: std::_Lockit::~_Lockit.LIBCPMT ref: 00B06D65
                                                                                                                                                                                              • Part of subcall function 00B06C4E: __EH_prolog3.LIBCMT ref: 00B06C55
                                                                                                                                                                                              • Part of subcall function 00B06C4E: std::_Lockit::_Lockit.LIBCPMT ref: 00B06C5F
                                                                                                                                                                                              • Part of subcall function 00B06C4E: int.LIBCPMT ref: 00B06C76
                                                                                                                                                                                              • Part of subcall function 00B06C4E: std::_Lockit::~_Lockit.LIBCPMT ref: 00B06CD0
                                                                                                                                                                                              • Part of subcall function 00B0194B: __EH_prolog3.LIBCMT ref: 00B01952
                                                                                                                                                                                              • Part of subcall function 00B0194B: std::_Lockit::_Lockit.LIBCPMT ref: 00B0195C
                                                                                                                                                                                              • Part of subcall function 00B0194B: std::_Lockit::~_Lockit.LIBCPMT ref: 00B01A03
                                                                                                                                                                                            • numpunct.LIBCPMT ref: 00B0B93D
                                                                                                                                                                                              • Part of subcall function 00B07388: __EH_prolog3.LIBCMT ref: 00B0738F
                                                                                                                                                                                              • Part of subcall function 00B07061: __EH_prolog3.LIBCMT ref: 00B07068
                                                                                                                                                                                              • Part of subcall function 00B07061: std::_Lockit::_Lockit.LIBCPMT ref: 00B07072
                                                                                                                                                                                              • Part of subcall function 00B07061: int.LIBCPMT ref: 00B07089
                                                                                                                                                                                              • Part of subcall function 00B07061: std::_Lockit::~_Lockit.LIBCPMT ref: 00B070E3
                                                                                                                                                                                              • Part of subcall function 00B0718B: __EH_prolog3.LIBCMT ref: 00B07192
                                                                                                                                                                                              • Part of subcall function 00B0718B: std::_Lockit::_Lockit.LIBCPMT ref: 00B0719C
                                                                                                                                                                                              • Part of subcall function 00B0718B: int.LIBCPMT ref: 00B071B3
                                                                                                                                                                                              • Part of subcall function 00B0718B: std::_Lockit::~_Lockit.LIBCPMT ref: 00B0720D
                                                                                                                                                                                              • Part of subcall function 00B0194B: Concurrency::cancel_current_task.LIBCPMT ref: 00B01A0E
                                                                                                                                                                                              • Part of subcall function 00B0194B: __EH_prolog3.LIBCMT ref: 00B01A1B
                                                                                                                                                                                              • Part of subcall function 00B065E7: __EH_prolog3.LIBCMT ref: 00B065EE
                                                                                                                                                                                              • Part of subcall function 00B065E7: std::_Lockit::_Lockit.LIBCPMT ref: 00B065F8
                                                                                                                                                                                              • Part of subcall function 00B065E7: int.LIBCPMT ref: 00B0660F
                                                                                                                                                                                              • Part of subcall function 00B065E7: std::_Lockit::~_Lockit.LIBCPMT ref: 00B06669
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B966
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B564
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B5CE
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B614
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B657
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B6DD
                                                                                                                                                                                            • __Getcoll.LIBCPMT ref: 00B0B703
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0B9CE
                                                                                                                                                                                            • codecvt.LIBCPMT ref: 00B0B9EE
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$H_prolog3$Lockit::_$Lockit::~_$Concurrency::cancel_current_taskGetcollGetctypecodecvtnumpunct
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1338684613-0
                                                                                                                                                                                            • Opcode ID: 9e27819f5c17a49ec54f7e621691f5cb7882abe8cd85ac2b4f8bf22ceab75485
                                                                                                                                                                                            • Instruction ID: f98349854c053ceb80334abcca2b209cd70ce280c14fdb3fca10b84342117e27
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e27819f5c17a49ec54f7e621691f5cb7882abe8cd85ac2b4f8bf22ceab75485
                                                                                                                                                                                            • Instruction Fuzzy Hash: C3E1B1729002169FDB25AFA88C52ABE7EF5EF40360F1484EDF9556B3D1EB318D009B91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00AB3800: GetProcessHeap.KERNEL32 ref: 00AB382C
                                                                                                                                                                                              • Part of subcall function 00AB2940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,B994DF4A,?,?,?,00000000,00B38670,000000FF,?,80004005), ref: 00AB297A
                                                                                                                                                                                            • WinHttpOpen.WINHTTP(?,00000000,00000000,00000000,00000000,WinHTTP 1.0,?,?,?,?,?,00B3A695,000000FF,?,00ACBC2C), ref: 00ACCD7F
                                                                                                                                                                                            • WinHttpConnect.WINHTTP(00000000,?,000001BB,00000000), ref: 00ACCDAE
                                                                                                                                                                                            • GetTickCount64.KERNEL32 ref: 00ACCDF1
                                                                                                                                                                                            • WinHttpOpenRequest.WINHTTP(?,GET,?,00000000,00000000,00000000,00800000), ref: 00ACCE35
                                                                                                                                                                                            • WinHttpSetTimeouts.WINHTTP(00000000,00002710,00002710,00002710,00002710), ref: 00ACCE5D
                                                                                                                                                                                            • WinHttpCloseHandle.WINHTTP(00000000), ref: 00ACCE72
                                                                                                                                                                                            • WinHttpCloseHandle.WINHTTP(?), ref: 00ACCE77
                                                                                                                                                                                            • WinHttpSendRequest.WINHTTP(000000FF,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00ACCF40
                                                                                                                                                                                            • WinHttpReceiveResponse.WINHTTP(000000FF,00000000), ref: 00ACCF7A
                                                                                                                                                                                            • WinHttpQueryDataAvailable.WINHTTP(000000FF,?), ref: 00ACCF99
                                                                                                                                                                                            • WinHttpReadData.WINHTTP(000000FF,00000010,00000000,00000000), ref: 00ACD009
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Http$CloseDataHandleOpenRequest$AvailableConnectCount64FindHeapProcessQueryReadReceiveResourceResponseSendTickTimeouts
                                                                                                                                                                                            • String ID: GET$WinHTTP 1.0
                                                                                                                                                                                            • API String ID: 369866759-1397384856
                                                                                                                                                                                            • Opcode ID: de3425301b6c117a7ae334a63f0081fac14bebccbc314cd48acd5a70ad6d4b7b
                                                                                                                                                                                            • Instruction ID: 31e074364d4d46750c368b2e4e162b1a544f57c2e433f7e2d32d50dd6f20a371
                                                                                                                                                                                            • Opcode Fuzzy Hash: de3425301b6c117a7ae334a63f0081fac14bebccbc314cd48acd5a70ad6d4b7b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 89025B71A016059FDB14DFA8C988F9ABBF4EF09324F15816DE9159B2A2DB71ED00CF50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00AB3800: GetProcessHeap.KERNEL32 ref: 00AB382C
                                                                                                                                                                                              • Part of subcall function 00AB2940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,B994DF4A,?,?,?,00000000,00B38670,000000FF,?,80004005), ref: 00AB297A
                                                                                                                                                                                            • WinHttpOpen.WINHTTP(?,00000000,00000000,00000000,10000000,WinHTTP 1.0), ref: 00ACC84F
                                                                                                                                                                                            • WinHttpConnect.WINHTTP(00000000,000001BB,00000000), ref: 00ACC872
                                                                                                                                                                                            • WinHttpOpenRequest.WINHTTP(00000000,GET,?,00000000,00000000,00000000,00800000), ref: 00ACC8D3
                                                                                                                                                                                            • WinHttpSetStatusCallback.WINHTTP(00000000,00ACCCF0,00240000,00000000), ref: 00ACC8F3
                                                                                                                                                                                            • WinHttpCloseHandle.WINHTTP(00000000), ref: 00ACC909
                                                                                                                                                                                            • WinHttpCloseHandle.WINHTTP(?), ref: 00ACC90E
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Http$CloseHandleOpen$CallbackConnectFindHeapProcessRequestResourceStatus
                                                                                                                                                                                            • String ID: %ws?%ws$GET$WinHTTP 1.0
                                                                                                                                                                                            • API String ID: 2977288223-4027742023
                                                                                                                                                                                            • Opcode ID: 0fbcf4b310208bc80059bea780c0648f80481467d75a7fcecf73831fc714b59a
                                                                                                                                                                                            • Instruction ID: 2b0089f6dfae82f1974343315a771d37cd92f20c60d3bd146679c928a5eb2ea0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0fbcf4b310208bc80059bea780c0648f80481467d75a7fcecf73831fc714b59a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 59F16C71A016069FDB10DF68C998F9ABBF4BF05324F25826DE9199B2A2DB74DD00CB50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00AE6414
                                                                                                                                                                                            • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00AE644D
                                                                                                                                                                                            • Process32NextW.KERNEL32(00000000,0000022C), ref: 00AE6470
                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00AE6483
                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00AE6572
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AE65C2
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AE6638
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AE6804
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE68EA
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE68F8
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE68FF
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE690A
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE691B
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE6926
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$Mtx_unlock$CloseHandleProcess32$CreateFirstNextSnapshotToolhelp32
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 471224688-0
                                                                                                                                                                                            • Opcode ID: dfb8f114633fb6b4be00a461f080f18c023c74ddd5724c5439a36857613f2941
                                                                                                                                                                                            • Instruction ID: 5e22af91d92c86426bdb7a2ae6879ddf9a564aa948dd79799494c6eb93222881
                                                                                                                                                                                            • Opcode Fuzzy Hash: dfb8f114633fb6b4be00a461f080f18c023c74ddd5724c5439a36857613f2941
                                                                                                                                                                                            • Instruction Fuzzy Hash: DC0204319006989FDB20DF29CD48B9ABBF4EF55354F1486E9E41D9B2A1DB30AE84CF50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • WinHttpConnect.WINHTTP(?,?,000001BB,00000000,B994DF4A,00000000,00000010,?,00000000,00000010,?,?,?,?,?,00B3A695), ref: 00ACD2B2
                                                                                                                                                                                            • GetTickCount64.KERNEL32 ref: 00ACD2F3
                                                                                                                                                                                            • WinHttpOpenRequest.WINHTTP(?,GET,?,00000000,00000000,00000000,00800000), ref: 00ACD334
                                                                                                                                                                                            • WinHttpSetTimeouts.WINHTTP(00000000,00002710,00002710,00002710,00002710), ref: 00ACD355
                                                                                                                                                                                            • WinHttpCloseHandle.WINHTTP(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000010), ref: 00ACD366
                                                                                                                                                                                            • WinHttpCloseHandle.WINHTTP(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000010), ref: 00ACD36B
                                                                                                                                                                                            • WinHttpSendRequest.WINHTTP(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00ACD3D8
                                                                                                                                                                                            • WinHttpReceiveResponse.WINHTTP(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000010), ref: 00ACD3E7
                                                                                                                                                                                            • WinHttpCloseHandle.WINHTTP(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000010), ref: 00ACD3F0
                                                                                                                                                                                            • WinHttpCloseHandle.WINHTTP(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000010), ref: 00ACD3F5
                                                                                                                                                                                              • Part of subcall function 00AB3800: GetProcessHeap.KERNEL32 ref: 00AB382C
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Http$CloseHandle$Request$ConnectCount64HeapOpenProcessReceiveResponseSendTickTimeouts
                                                                                                                                                                                            • String ID: GET
                                                                                                                                                                                            • API String ID: 3667219687-1805413626
                                                                                                                                                                                            • Opcode ID: 34a8ed76deefb2892473f5ff45704b24f030b54c01868dcf9f6558d8413f87ac
                                                                                                                                                                                            • Instruction ID: b6be042e65431cb2f89acfff7c1758060f686ec87b3efa4eeb6f71b31ea71190
                                                                                                                                                                                            • Opcode Fuzzy Hash: 34a8ed76deefb2892473f5ff45704b24f030b54c01868dcf9f6558d8413f87ac
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C51B035A00605AFD7109F69CC85F6ABBF8FF49720F15422AF914EB2A1DB31AD10CB54
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B12B08
                                                                                                                                                                                            • collate.LIBCPMT ref: 00B12B14
                                                                                                                                                                                              • Part of subcall function 00B117EC: __EH_prolog3_GS.LIBCMT ref: 00B117F3
                                                                                                                                                                                              • Part of subcall function 00B117EC: __Getcoll.LIBCPMT ref: 00B11857
                                                                                                                                                                                            • __Getcoll.LIBCPMT ref: 00B12B57
                                                                                                                                                                                              • Part of subcall function 00B11650: __EH_prolog3.LIBCMT ref: 00B11657
                                                                                                                                                                                              • Part of subcall function 00B11650: std::_Lockit::_Lockit.LIBCPMT ref: 00B11661
                                                                                                                                                                                              • Part of subcall function 00B11650: int.LIBCPMT ref: 00B11678
                                                                                                                                                                                              • Part of subcall function 00B11650: std::_Lockit::~_Lockit.LIBCPMT ref: 00B116D2
                                                                                                                                                                                              • Part of subcall function 00B0194B: __EH_prolog3.LIBCMT ref: 00B01952
                                                                                                                                                                                              • Part of subcall function 00B0194B: std::_Lockit::_Lockit.LIBCPMT ref: 00B0195C
                                                                                                                                                                                              • Part of subcall function 00B0194B: std::_Lockit::~_Lockit.LIBCPMT ref: 00B01A03
                                                                                                                                                                                            • int.LIBCPMT ref: 00B12B31
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • int.LIBCPMT ref: 00B12B95
                                                                                                                                                                                            • int.LIBCPMT ref: 00B12BEB
                                                                                                                                                                                            • int.LIBCPMT ref: 00B12C30
                                                                                                                                                                                            • int.LIBCPMT ref: 00B12C73
                                                                                                                                                                                            • int.LIBCPMT ref: 00B12CDF
                                                                                                                                                                                            • int.LIBCPMT ref: 00B12D60
                                                                                                                                                                                            • numpunct.LIBCPMT ref: 00B12D87
                                                                                                                                                                                            • int.LIBCPMT ref: 00B12DAF
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$H_prolog3Lockit::_Lockit::~_$Getcoll$H_prolog3_collatenumpunct
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 613342304-0
                                                                                                                                                                                            • Opcode ID: 7393b903cfd37308ab6acaeddbc40375d79a7210f3afdae04371f6e454f1332f
                                                                                                                                                                                            • Instruction ID: a9c0edf92ed52a5f51e67e111dce12c963e9dfbf0ccc8df450c6c954f1cbf446
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7393b903cfd37308ab6acaeddbc40375d79a7210f3afdae04371f6e454f1332f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 40911A72C00315AFDB24AF689801AFF7AF8DF94360F9045E9F955A7381EB708D9057A1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RegOpenKeyExW.ADVAPI32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00000101,?,B994DF4A,?,00000000), ref: 00AFD765
                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(00000000,MachineGuid,00000000,?,00000000,?,?,00000000), ref: 00AFD78F
                                                                                                                                                                                            • RegQueryValueExW.ADVAPI32(00000000,MachineGuid,00000000,00000000,00000000,?), ref: 00AFD7CA
                                                                                                                                                                                              • Part of subcall function 00AB35D0: HeapAlloc.KERNEL32(?,00000000,?,?,?,00B5975C,?,?,00AB108B,80004005,B994DF4A,?,00B3A44F,000000FF), ref: 00AB35FB
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: QueryValue$AllocHeapOpen
                                                                                                                                                                                            • String ID: %wsX$00000000-0000-0000-0000-000000000000$03000200-0400-0500-0006-000700080009$12345678-1234-5678-90AB-CDDEEFAABBCC$FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF$MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                            • API String ID: 1471642767-2974506590
                                                                                                                                                                                            • Opcode ID: d9e72c05340016e41f2160126fa8c7d4dcf0c17d436dca7ca3597cf27096d363
                                                                                                                                                                                            • Instruction ID: d77fe9f3adebcc8a583995745a6a52a6b0aa27c38dbe98a0d58ede1a13005a04
                                                                                                                                                                                            • Opcode Fuzzy Hash: d9e72c05340016e41f2160126fa8c7d4dcf0c17d436dca7ca3597cf27096d363
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B91F772A0010A9BEB15AFE4CC41BBBB7B6EF14754F14456AFA06EB291E771ED00C750
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • OpenEventLogW.ADVAPI32(00000000,System), ref: 00AEF960
                                                                                                                                                                                            • GetNumberOfEventLogRecords.ADVAPI32(00000000,00000000), ref: 00AEF970
                                                                                                                                                                                              • Part of subcall function 00AB3800: GetProcessHeap.KERNEL32 ref: 00AB382C
                                                                                                                                                                                            • ReadEventLogW.ADVAPI32(00000000,00000005,00000000,00000000,0001FFFE,00000000,00000000), ref: 00AEF9A7
                                                                                                                                                                                            • CloseEventLog.ADVAPI32(00000000), ref: 00AEFA23
                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,00000101,?,00000000,"":-1 } } },0000000D,{ "fast":{ "eventsDaily":{ ,0000001C), ref: 00AEFB0C
                                                                                                                                                                                              • Part of subcall function 00AB35D0: HeapAlloc.KERNEL32(?,00000000,?,?,?,00B5975C,?,?,00AB108B,80004005,B994DF4A,?,00B3A44F,000000FF), ref: 00AB35FB
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Event$Heap$AllocCloseFileNumberOpenProcessReadRecordsWrite
                                                                                                                                                                                            • String ID: "":-1 } } }$"%s":%d,$%0.2d/%0.2d/%0.2d$System${ "fast":{ "eventsDaily":{
                                                                                                                                                                                            • API String ID: 1664757657-334134642
                                                                                                                                                                                            • Opcode ID: 224f80c62efe58a5770ab9455b4da6b822b94f715982f45bf058643c6c1f5e94
                                                                                                                                                                                            • Instruction ID: 2c9bf41b1bd75ce64bd3cdbd030effdcef0c7efaa77e5e6f4c8912dcb80ee4aa
                                                                                                                                                                                            • Opcode Fuzzy Hash: 224f80c62efe58a5770ab9455b4da6b822b94f715982f45bf058643c6c1f5e94
                                                                                                                                                                                            • Instruction Fuzzy Hash: 35A1B371900249AFDB10DFA9C845FAEBBF4FF05310F0981A9F505AB2A2DB759D44CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RegisterClassW.USER32(?), ref: 00AFCD61
                                                                                                                                                                                            • CreateWindowExW.USER32(08000000,?,00000000,80000000,000000FF,00000001,000000FF,00000001,00000000,00000000,?,00000000), ref: 00AFCD88
                                                                                                                                                                                            • ShowWindow.USER32(00000000,00000000), ref: 00AFCDB3
                                                                                                                                                                                            • UpdateWindow.USER32(00000000), ref: 00AFCDBA
                                                                                                                                                                                            • PeekMessageW.USER32(?,?,00000000,00000000,00000001), ref: 00AFCDFC
                                                                                                                                                                                            • TranslateMessage.USER32(?), ref: 00AFCE0A
                                                                                                                                                                                            • DispatchMessageW.USER32(?), ref: 00AFCE14
                                                                                                                                                                                              • Part of subcall function 00AB3800: GetProcessHeap.KERNEL32 ref: 00AB382C
                                                                                                                                                                                            • PostMessageW.USER32(?,00000402,?,?), ref: 00AFCE97
                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 00AFCEA3
                                                                                                                                                                                              • Part of subcall function 00AB2940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,B994DF4A,?,?,?,00000000,00B38670,000000FF,?,80004005), ref: 00AB297A
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageWindow$ClassCreateDispatchFindHeapPeekPostProcProcessRegisterResourceShowTranslateUpdate
                                                                                                                                                                                            • String ID: SYSTEM_EVT_HANDLER
                                                                                                                                                                                            • API String ID: 2996767847-656511211
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00AF8F5D
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00AF8F7F
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00AF8F9F
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00AF8FC9
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00AF9038
                                                                                                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00AF9084
                                                                                                                                                                                            • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00AF909E
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00AF9133
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00AF9140
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Locinfo::_$Facet_Locinfo_ctorLocinfo_dtorRegister
                                                                                                                                                                                            • String ID: bad locale name
                                                                                                                                                                                            • API String ID: 3375549084-1405518554
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00AEE1E7,00AEE1E9,00000000,00000000,B994DF4A,?,00000000,?,00B18B80,00B58FE8,000000FE,?,00AEE1E7,?), ref: 00B14CB9
                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00B14CDE
                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00AEE1E7,?,00000000,00000000,?,00B18B80,00B58FE8,000000FE,?,00AEE1E7), ref: 00B14D34
                                                                                                                                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00B14D3F
                                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00B14D68
                                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00B14D72
                                                                                                                                                                                            • GetLastError.KERNEL32(80070057,B994DF4A,?,00000000,?,00B18B80,00B58FE8,000000FE,?,00AEE1E7,?), ref: 00B14D77
                                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00B14D8A
                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,?,00B18B80,00B58FE8,000000FE,?,00AEE1E7,?), ref: 00B14DA0
                                                                                                                                                                                            • _com_issue_error.COMSUPP ref: 00B14DB3
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _com_issue_error$ByteCharErrorLastMultiWide$AllocString__alloca_probe_16
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3079088546-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AE3493
                                                                                                                                                                                              • Part of subcall function 00AEED90: __Mtx_unlock.LIBCPMT ref: 00AEEE09
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AE34DA
                                                                                                                                                                                              • Part of subcall function 00AEED90: std::_Throw_Cpp_error.LIBCPMT ref: 00AEEE1D
                                                                                                                                                                                              • Part of subcall function 00AEED90: std::_Throw_Cpp_error.LIBCPMT ref: 00AEEE28
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AE3527
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AE35A4
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE35ED
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE35FB
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3602
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3610
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3617
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3625
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE362C
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3637
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$Mtx_unlock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2334871359-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetForegroundWindow.USER32(B994DF4A,?,?), ref: 00AE3679
                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(00000000,?), ref: 00AE3695
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE38F9
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3907
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE390E
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3919
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3920
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE392E
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3935
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3940
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$Window$ForegroundProcessThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1582234585-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B1368B
                                                                                                                                                                                              • Part of subcall function 00B00B9B: __EH_prolog3.LIBCMT ref: 00B00BA2
                                                                                                                                                                                              • Part of subcall function 00B00B9B: std::_Lockit::_Lockit.LIBCPMT ref: 00B00BAC
                                                                                                                                                                                              • Part of subcall function 00B00B9B: int.LIBCPMT ref: 00B00BC3
                                                                                                                                                                                              • Part of subcall function 00B00B9B: std::_Lockit::~_Lockit.LIBCPMT ref: 00B00C1D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
• Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: H_prolog3Lockitstd::_$Lockit::_Lockit::~_
                                                                                                                                                                                            • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                            • API String ID: 1538362411-2891247106
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B0D880
                                                                                                                                                                                              • Part of subcall function 00B06711: __EH_prolog3.LIBCMT ref: 00B06718
                                                                                                                                                                                              • Part of subcall function 00B06711: std::_Lockit::_Lockit.LIBCPMT ref: 00B06722
                                                                                                                                                                                              • Part of subcall function 00B06711: int.LIBCPMT ref: 00B06739
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: H_prolog3$LockitLockit::_std::_
                                                                                                                                                                                            • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                            • API String ID: 2181796688-2891247106
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B0DC70
                                                                                                                                                                                              • Part of subcall function 00ADDE20: std::_Lockit::_Lockit.LIBCPMT ref: 00ADDE4D
                                                                                                                                                                                              • Part of subcall function 00ADDE20: std::_Lockit::_Lockit.LIBCPMT ref: 00ADDE70
                                                                                                                                                                                              • Part of subcall function 00ADDE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00ADDE90
                                                                                                                                                                                              • Part of subcall function 00ADDE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00ADDF1D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                            • String ID: %H : %M$%H : %M : %S$%I : %M : %S %p$%b %d %H : %M : %S %Y$%d / %m / %y$%m / %d / %y$:AM:am:PM:pm
                                                                                                                                                                                            • API String ID: 1383202999-2891247106
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00AFBA7B
                                                                                                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00AFBACA
                                                                                                                                                                                            • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00AFBC1D
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00AFBCB5
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00AFBCE7
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Locinfo::_Lockit$Concurrency::cancel_current_taskLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                            • String ID: bad locale name$false$true
                                                                                                                                                                                            • API String ID: 3204333896-1062449267
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00B0A8EA
                                                                                                                                                                                            • _Maklocstr.LIBCPMT ref: 00B0A953
                                                                                                                                                                                            • _Maklocstr.LIBCPMT ref: 00B0A965
                                                                                                                                                                                            • _Maklocchr.LIBCPMT ref: 00B0A97D
                                                                                                                                                                                            • _Maklocchr.LIBCPMT ref: 00B0A98D
                                                                                                                                                                                            • _Getvals.LIBCPMT ref: 00B0A9AF
                                                                                                                                                                                              • Part of subcall function 00B04F58: _Maklocchr.LIBCPMT ref: 00B04F87
                                                                                                                                                                                              • Part of subcall function 00B04F58: _Maklocchr.LIBCPMT ref: 00B04F9D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Maklocchr$Maklocstr$GetvalsH_prolog3_
                                                                                                                                                                                            • String ID: false$true
                                                                                                                                                                                            • API String ID: 3549167292-2658103896
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00ACEE51
                                                                                                                                                                                              • Part of subcall function 00AEED90: __Mtx_unlock.LIBCPMT ref: 00AEEE09
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00ACEEB7
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00ACEED5
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00ACEEE0
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00ACEEE7
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00ACEEF2
                                                                                                                                                                                            • QueryServiceStatusEx.ADVAPI32(?,00000000,?,00000024,?), ref: 00ACF009
                                                                                                                                                                                            • StartServiceW.ADVAPI32(?,00000000,00000000), ref: 00ACF02F
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00ACF078
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$Mtx_unlock$Service$Concurrency::cancel_current_taskQueryStartStatus
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3126387822-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 00AE3459
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE35ED
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE35FB
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3602
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3610
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3617
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3625
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE362C
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3637
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$ProcessThreadWindow
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3332860087-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • type_info::operator==.LIBVCRUNTIME ref: 00B19207
                                                                                                                                                                                            • ___TypeMatch.LIBVCRUNTIME ref: 00B19315
                                                                                                                                                                                            • _UnwindNestedFrames.LIBCMT ref: 00B19467
                                                                                                                                                                                            • CallUnexpected.LIBVCRUNTIME ref: 00B19482
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                            • API String ID: 2751267872-393685449
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(kernel32,GetLogicalProcessorInformation,B994DF4A), ref: 00AC4EDD
                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000), ref: 00AC4EE4
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00AC4EFC
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressErrorHandleLastModuleProc
                                                                                                                                                                                            • String ID: Cant get cpu info$CpuInfoError$GetLogicalProcessorInformation$kernel32
                                                                                                                                                                                            • API String ID: 4275029093-3855144101
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00AFD190: __Mtx_unlock.LIBCPMT ref: 00AFD24C
                                                                                                                                                                                            • wsprintfW.USER32 ref: 00AFD06B
                                                                                                                                                                                            • RegCreateKeyW.ADVAPI32(80000002,?,?), ref: 00AFD09C
                                                                                                                                                                                            • RegQueryValueW.ADVAPI32(?,00B4BC8C,?,00000400), ref: 00AFD0CB
                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00AFD163
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • SOFTWARE\Classes\CLSID\{%ws}, xrefs: 00AFD065
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
• Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseCreateHandleMtx_unlockQueryValuewsprintf
                                                                                                                                                                                            • String ID: SOFTWARE\Classes\CLSID\{%ws}
                                                                                                                                                                                            • API String ID: 43845800-1216538723
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetCPInfo.KERNEL32(?,?), ref: 00B14939
                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00B149C7
                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00B149F1
                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00B14A39
                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 00B14A53
                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00B14A79
                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00B14AB6
                                                                                                                                                                                            • CompareStringEx.KERNEL32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00B14AD3
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
• Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ByteCharMultiWide$__alloca_probe_16$CompareInfoString
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3603178046-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
• Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Mtx_unlock$Cpp_errorThrow_std::_$Cnd_broadcastCnd_destroy_in_situMtx_destroy_in_situ
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1639359466-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 00B1466C
                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00B14698
                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 00B146D7
                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B146F4
                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00B14733
                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00B14750
                                                                                                                                                                                            • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B14792
                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00B147B5
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
• Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ByteCharMultiStringWide$__alloca_probe_16
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2040435927-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
• Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$Mtx_unlock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2334871359-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _strrchr
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3213747228-0
                                                                                                                                                                                            • Opcode ID: 03401a78ee8912b8728fcd654ce34ad05f9a379fc551f28922a14bcf5a1dd639
                                                                                                                                                                                            • Instruction ID: ef167bf124d51418b45584c018a524692a7dc4e92bd1cb85d4857c11fb6a9cab
                                                                                                                                                                                            • Opcode Fuzzy Hash: 03401a78ee8912b8728fcd654ce34ad05f9a379fc551f28922a14bcf5a1dd639
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1DB16A72A043759FDB11CF24EC81BAE7BE5EF56310F1541E6E908AF282D2749D41C7A2
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00ACEB13
                                                                                                                                                                                              • Part of subcall function 00AB3800: GetProcessHeap.KERNEL32 ref: 00AB382C
                                                                                                                                                                                              • Part of subcall function 00AB2940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,B994DF4A,?,?,?,00000000,00B38670,000000FF,?,80004005), ref: 00AB297A
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00ACED71
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00ACED7C
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$FindHeapMtx_unlockProcessResource
                                                                                                                                                                                            • String ID: Fast!$activationStatus=%ws$activation_status_changed
                                                                                                                                                                                            • API String ID: 2096995265-4141419543
                                                                                                                                                                                            • Opcode ID: 4849626a8f141bd1b39c5ca60eb554bce404f5a0930bb9bf539e44896a04a183
                                                                                                                                                                                            • Instruction ID: f5d26f8fb42a75cfac57df8dafb3177ce8df89f08903911e464b9700e6193487
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4849626a8f141bd1b39c5ca60eb554bce404f5a0930bb9bf539e44896a04a183
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2DA1C431A016499FDB10DBA8C945F9EB7F4EF41314F1581ACE515AB2A3EB30DE04CBA1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00AE79F0
                                                                                                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00AE7A43
                                                                                                                                                                                            • __Getcoll.LIBCPMT ref: 00AE7A55
                                                                                                                                                                                            • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00AE7A74
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00AE7B09
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Locinfo::_Lockit$GetcollLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                            • String ID: bad locale name
                                                                                                                                                                                            • API String ID: 1629477862-1405518554
                                                                                                                                                                                            • Opcode ID: 2d8287a5f3798e879a2f25856df2b9776b0be5ae7eb6ede0db5e605be4685ca1
                                                                                                                                                                                            • Instruction ID: 80f9ba323d23375b5cf894ff08352f706a0c5429d35feca6f02f3ef95e864da0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2d8287a5f3798e879a2f25856df2b9776b0be5ae7eb6ede0db5e605be4685ca1
                                                                                                                                                                                            • Instruction Fuzzy Hash: AF515EB1D002489BEF14DFE5D949B9EBBF4EF04350F144169F809AB381EB749A44CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00ADFB49
                                                                                                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00ADFB9E
                                                                                                                                                                                            • __Getctype.LIBCPMT ref: 00ADFBB7
                                                                                                                                                                                            • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00ADFC01
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00ADFC9F
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Locinfo::_Lockit$GetctypeLocinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                            • String ID: bad locale name
                                                                                                                                                                                            • API String ID: 1840309910-1405518554
                                                                                                                                                                                            • Opcode ID: db363d582bb8c58e0601bc73b1186712cade11bd04ab595dcae8d5c2a3310455
                                                                                                                                                                                            • Instruction ID: 84c61fe4dcaf0417e5cf79d16b44b2c8fb75464374db4d5b84155cb7bd7cba34
                                                                                                                                                                                            • Opcode Fuzzy Hash: db363d582bb8c58e0601bc73b1186712cade11bd04ab595dcae8d5c2a3310455
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D516FB1D003589FEB20DFA4C945B9ABBF4AF14314F1441AAE949E7342EB34AA54CB51
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • OpenProcess.KERNEL32(00000400,00000000,?), ref: 00AEE793
                                                                                                                                                                                            • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00AEE7BE
                                                                                                                                                                                            • GetTickCount64.KERNEL32 ref: 00AEE816
                                                                                                                                                                                            • GetTickCount64.KERNEL32 ref: 00AEE841
                                                                                                                                                                                            • __aulldiv.LIBCMT ref: 00AEE8EF
                                                                                                                                                                                            • __aulldiv.LIBCMT ref: 00AEE908
                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00AEE922
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Count64ProcessTick__aulldiv$CloseCountersHandleOpen
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2371676983-0
                                                                                                                                                                                            • Opcode ID: b53b88352698d7e950bd29d39230b57d4c63540436f0250c0b63f5cd1062cc73
                                                                                                                                                                                            • Instruction ID: c37b827524fe91fb9e0283e4b96a57a2d0225ae61374d4ec5cf952a55acf0494
                                                                                                                                                                                            • Opcode Fuzzy Hash: b53b88352698d7e950bd29d39230b57d4c63540436f0250c0b63f5cd1062cc73
                                                                                                                                                                                            • Instruction Fuzzy Hash: B851F2756183409FCB40CF68C980B5ABBE1BF89714F084969F9889B216DB70E908CB62
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00B18BB7
                                                                                                                                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00B18BBF
                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00B18C48
                                                                                                                                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00B18C73
                                                                                                                                                                                            • _ValidateLocalCookies.LIBCMT ref: 00B18CC8
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                            • API String ID: 1170836740-1018135373
                                                                                                                                                                                            • Opcode ID: f3399607ab6011103212251a38c46f79f7672bd518f93ae9746d6e0f2b585350
                                                                                                                                                                                            • Instruction ID: cdbb9131916e55b2ad1ff85d2435eda5782197f6e87e4d777e4925116cfd7281
                                                                                                                                                                                            • Opcode Fuzzy Hash: f3399607ab6011103212251a38c46f79f7672bd518f93ae9746d6e0f2b585350
                                                                                                                                                                                            • Instruction Fuzzy Hash: CB418E34A012499BCF10DF68C891ADEBBF5FF45324F5484D5E918AB392DB319A85CBE0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,?), ref: 00AEE653
                                                                                                                                                                                            • GetProcessMemoryInfo.PSAPI(00000000,?,0000002C), ref: 00AEE66B
                                                                                                                                                                                            • GetTickCount64.KERNEL32 ref: 00AEE690
                                                                                                                                                                                            • GetTickCount64.KERNEL32 ref: 00AEE6BB
                                                                                                                                                                                            • __aulldiv.LIBCMT ref: 00AEE733
                                                                                                                                                                                            • __aulldiv.LIBCMT ref: 00AEE748
                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00AEE756
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Count64ProcessTick__aulldiv$CloseHandleInfoMemoryOpen
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2237584821-0
                                                                                                                                                                                            • Opcode ID: 55adfcdd497e03bda88eee3e146db338afaf04f2f25641830831a941c51a98c7
                                                                                                                                                                                            • Instruction ID: 367f88b66d6a12836cec011bf1772baa4c948aee3343f6521c28896d241bbb49
                                                                                                                                                                                            • Opcode Fuzzy Hash: 55adfcdd497e03bda88eee3e146db338afaf04f2f25641830831a941c51a98c7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A310775624702EFD714DF39C885B5AFBE4BB88314F008A29F56CC3251EB70E8548B92
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B065EE
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B065F8
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0660F
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • codecvt.LIBCPMT ref: 00B06632
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B06649
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B06669
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B06676
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2133458128-0
                                                                                                                                                                                            • Opcode ID: 8e5592250f7ed53d6995af4d4c244b6f2955d9f4622384717e89568b105791bb
                                                                                                                                                                                            • Instruction ID: b5c9105f52c3ce82ed72063618acb4300204ef8e588e75af934cabb1e1fb4181
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e5592250f7ed53d6995af4d4c244b6f2955d9f4622384717e89568b105791bb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D01C4329006199FCB04EBA4DA416BEBBB1AF94310F24019AF511A73D1CF709E01C791
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B06559
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B06563
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0657A
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • codecvt.LIBCPMT ref: 00B0659D
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B065B4
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B065D4
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B065E1
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2133458128-0
                                                                                                                                                                                            • Opcode ID: 794658a084690aee9c345551045dc5cb2c9233f1396b931d5efa3307bcf5bb27
                                                                                                                                                                                            • Instruction ID: ee4a5266bdae370bdb4f6efae819029fc737542f20fd5ce448b1f6c2a73195c6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 794658a084690aee9c345551045dc5cb2c9233f1396b931d5efa3307bcf5bb27
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7901A1319106199FCB14EBA4D9816BEBBB0AF94310F14019AE912A73D1CF70DE058B90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B06683
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B0668D
                                                                                                                                                                                            • int.LIBCPMT ref: 00B066A4
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • collate.LIBCPMT ref: 00B066C7
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B066DE
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B066FE
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B0670B
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1767075461-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B06BC0
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B06BCA
                                                                                                                                                                                            • int.LIBCPMT ref: 00B06BE1
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • moneypunct.LIBCPMT ref: 00B06C04
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B06C1B
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B06C3B
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B06C48
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3376033448-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B00BA2
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B00BAC
                                                                                                                                                                                            • int.LIBCPMT ref: 00B00BC3
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • ctype.LIBCPMT ref: 00B00BE6
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B00BFD
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B00C1D
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B00C2A
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registerctype
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2958136301-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B00B0D
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B00B17
                                                                                                                                                                                            • int.LIBCPMT ref: 00B00B2E
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • codecvt.LIBCPMT ref: 00B00B51
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B00B68
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B00B88
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B00B95
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2133458128-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B06CEA
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B06CF4
                                                                                                                                                                                            • int.LIBCPMT ref: 00B06D0B
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • moneypunct.LIBCPMT ref: 00B06D2E
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B06D45
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B06D65
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B06D72
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3376033448-0
                                                                                                                                                                                            • Opcode ID: 57a19429817016279bbf2c5ddb23f2ef837ca6e0678c7580fe050c0f6dc6af00
                                                                                                                                                                                            • Instruction ID: 2d817384ec235bb6fb561d513e3c0e0b3dbb48f002e40a0c49fc90728c17d01c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 57a19429817016279bbf2c5ddb23f2ef837ca6e0678c7580fe050c0f6dc6af00
                                                                                                                                                                                            • Instruction Fuzzy Hash: CA01C4319002199FCB14EBA4D9457BEBBB0EF94311F2401A9F411AB3E1CF709E00CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B06C55
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B06C5F
                                                                                                                                                                                            • int.LIBCPMT ref: 00B06C76
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • moneypunct.LIBCPMT ref: 00B06C99
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B06CB0
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B06CD0
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B06CDD
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3376033448-0
                                                                                                                                                                                            • Opcode ID: eda5f59633713fb4d63fd0ff8ac35bc69f457a6aa9a1ff4b3436f1a9e1c20659
                                                                                                                                                                                            • Instruction ID: 9b58c36c1fdd5c3e1b1eaace1ab03080a31ba0a1b1248dddbceffc760bdf94f6
                                                                                                                                                                                            • Opcode Fuzzy Hash: eda5f59633713fb4d63fd0ff8ac35bc69f457a6aa9a1ff4b3436f1a9e1c20659
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3601C4319105199FDB14EFA4C9456BEBBB0EF84311F1441AAF952AB3E1DF749E00CB90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B00D61
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B00D6B
                                                                                                                                                                                            • int.LIBCPMT ref: 00B00D82
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • numpunct.LIBCPMT ref: 00B00DA5
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B00DBC
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B00DDC
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B00DE9
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3064348918-0
                                                                                                                                                                                            • Opcode ID: bd8227f396b10aadb7da8db8b84d94b56033f0e3caf80d4df93f0b5d5bc5f74c
                                                                                                                                                                                            • Instruction ID: 41b47a7835323992ecc85948d3c6f08db99c1b98f905ca0b571de074e34728de
                                                                                                                                                                                            • Opcode Fuzzy Hash: bd8227f396b10aadb7da8db8b84d94b56033f0e3caf80d4df93f0b5d5bc5f74c
                                                                                                                                                                                            • Instruction Fuzzy Hash: E101A1359102199FCB05EFA4D9517BEBBB1AF94320F1405AAE912A73D1DF709A008B90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B06F3E
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B06F48
                                                                                                                                                                                            • int.LIBCPMT ref: 00B06F5F
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • numpunct.LIBCPMT ref: 00B06F82
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B06F99
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B06FB9
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B06FC6
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registernumpunct
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3064348918-0
                                                                                                                                                                                            • Opcode ID: b1faa5e87ff1ee4caa8170ff8942d6f58f4a7afe3e9e457555d89821cda8557a
                                                                                                                                                                                            • Instruction ID: fbfbf5fc2eebde5cf83d77a6fd3e27e27a62706044894f9a6516a24daf8c37c0
                                                                                                                                                                                            • Opcode Fuzzy Hash: b1faa5e87ff1ee4caa8170ff8942d6f58f4a7afe3e9e457555d89821cda8557a
                                                                                                                                                                                            • Instruction Fuzzy Hash: C001D63190021ADFCB05EFA4DA816BEBBB1AF94350F240199F411A73E1DF709E41C790
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B112D9
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B112E3
                                                                                                                                                                                            • int.LIBCPMT ref: 00B112FA
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • messages.LIBCPMT ref: 00B1131D
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B11334
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B11354
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B11361
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermessages
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 958335874-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B11244
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B1124E
                                                                                                                                                                                            • int.LIBCPMT ref: 00B11265
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • collate.LIBCPMT ref: 00B11288
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B1129F
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B112BF
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B112CC
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercollate
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1767075461-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B11498
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B114A2
                                                                                                                                                                                            • int.LIBCPMT ref: 00B114B9
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • moneypunct.LIBCPMT ref: 00B114DC
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B114F3
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B11513
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B11520
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3376033448-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B1152D
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B11537
                                                                                                                                                                                            • int.LIBCPMT ref: 00B1154E
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • moneypunct.LIBCPMT ref: 00B11571
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B11588
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B115A8
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B115B5
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registermoneypunct
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3376033448-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorMtx_unlockThrow_std::_$Cnd_broadcastCurrentThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3121442025-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __allrem.LIBCMT ref: 00B23C1A
                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B23C36
                                                                                                                                                                                            • __allrem.LIBCMT ref: 00B23C4D
                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B23C6B
                                                                                                                                                                                            • __allrem.LIBCMT ref: 00B23C82
                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B23CA0
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1992179935-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00AFF5DD: __EH_prolog3.LIBCMT ref: 00AFF5E4
                                                                                                                                                                                              • Part of subcall function 00AFF5DD: std::_Lockit::_Lockit.LIBCPMT ref: 00AFF5EF
                                                                                                                                                                                              • Part of subcall function 00AFF5DD: std::locale::_Setgloballocale.LIBCPMT ref: 00AFF60A
                                                                                                                                                                                              • Part of subcall function 00AFF5DD: std::_Lockit::~_Lockit.LIBCPMT ref: 00AFF65D
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00AE6F2F
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00AE6F51
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00AE6F71
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00AE6FAA
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00AE713F
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00AE717E
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3RegisterSetgloballocalestd::locale::_
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2610399687-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00AE767D
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00AE76A0
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00AE76C0
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00AE7735
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00AE774D
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00AE7766
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __Xtime_get_ticks.LIBCPMT ref: 00ACB9BB
                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ACB9C9
                                                                                                                                                                                            • GetLastError.KERNEL32(sendEventSync), ref: 00ACBD38
                                                                                                                                                                                              • Part of subcall function 00AB35D0: HeapAlloc.KERNEL32(?,00000000,?,?,?,00B5975C,?,?,00AB108B,80004005,B994DF4A,?,00B3A44F,000000FF), ref: 00AB35FB
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AllocErrorHeapLastUnothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@
                                                                                                                                                                                            • String ID: Error sending sync event!$sendEventSync
                                                                                                                                                                                            • API String ID: 1678419135-652745250
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __Xtime_get_ticks.LIBCPMT ref: 00ACBE10
                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00ACBE1E
                                                                                                                                                                                              • Part of subcall function 00AB3800: GetProcessHeap.KERNEL32 ref: 00AB382C
                                                                                                                                                                                              • Part of subcall function 00AB2940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,B994DF4A,?,?,?,00000000,00B38670,000000FF,?,80004005), ref: 00AB297A
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FindHeapProcessResourceUnothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@
                                                                                                                                                                                            • String ID: Fast!$errorMsg=%ws$errorMsg=%ws&errorCode=%u
                                                                                                                                                                                            • API String ID: 2519110999-1285405227
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
• Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
• Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
• Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __freea$__alloca_probe_16
                                                                                                                                                                                            • String ID: a/p$am/pm
                                                                                                                                                                                            • API String ID: 3509577899-3206640213
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00AFB4DD
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00AFB500
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00AFB520
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00AFB595
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00AFB5AD
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00AFB5C6
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2081738530-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Mtx_unlock$Cpp_errorThrow_std::_$Cnd_broadcast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4207855644-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00000000,00B18D71,00B16550,00AFEAD9,B994DF4A,?,?,?,00000000,00B3E117,000000FF,?,00ACA83F), ref: 00B18D88
                                                                                                                                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00B18D96
                                                                                                                                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00B18DAF
                                                                                                                                                                                            • SetLastError.KERNEL32(00000000,?,?,00000000,00B3E117,000000FF,?,00ACA83F,?,?,?), ref: 00B18E01
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLastValue___vcrt_
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3852720340-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • PostMessageW.USER32(?,00000402,?,?), ref: 00AFCE97
                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 00AFCEA3
                                                                                                                                                                                            • PostMessageW.USER32(?,00000401,00000000,00000000), ref: 00AFCEBC
                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 00AFCEC8
                                                                                                                                                                                            • PostQuitMessage.USER32(00000000), ref: 00AFCED7
                                                                                                                                                                                            • DefWindowProcW.USER32(?,?,?,?), ref: 00AFCEE3
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessagePostProcWindow$Quit
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3552470998-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B00CCC
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B00CD6
                                                                                                                                                                                            • int.LIBCPMT ref: 00B00CED
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B00D27
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B00D47
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B00D54
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                            • Opcode ID: 126d1e5cf2bfbbb1e7e0e42558e63b1bdf2eedfb708476a963f2244dc6dc0e70
                                                                                                                                                                                            • Instruction ID: b400980c5937192296c14dec814b8636566a8edf059a448183f6c1dc8255e37e
                                                                                                                                                                                            • Opcode Fuzzy Hash: 126d1e5cf2bfbbb1e7e0e42558e63b1bdf2eedfb708476a963f2244dc6dc0e70
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2501A1359102199FCB04EBA4D9417BEBBB1BF94710F2401AAE915AB3D1DF709A418B91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B00C37
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B00C41
                                                                                                                                                                                            • int.LIBCPMT ref: 00B00C58
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B00C92
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B00CB2
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B00CBF
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                            • Opcode ID: e965d2952bce9a83402abe6ac27be5f92f9c21a91415358afb1c862fbfef4889
                                                                                                                                                                                            • Instruction ID: adefcc26f843a309d5307cd2839f4d7f31b59b8c30eca05cc05b1f8ca239894f
                                                                                                                                                                                            • Opcode Fuzzy Hash: e965d2952bce9a83402abe6ac27be5f92f9c21a91415358afb1c862fbfef4889
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7201C0329102199FDB14FFA4D9457BEBBB1EF94310F2442AAF811AB3D1DF709A018B90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B06D7F
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B06D89
                                                                                                                                                                                            • int.LIBCPMT ref: 00B06DA0
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B06DDA
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B06DFA
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B06E07
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                            • Opcode ID: 6c9ecc75c11f140c2218ee15a22214c743c2228bbe78553c9bfaecd59853fbe4
                                                                                                                                                                                            • Instruction ID: 9b8df1a6656d4ca36478cace9bdfae0896fc93865b5baade5448fa2676b2fa2a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c9ecc75c11f140c2218ee15a22214c743c2228bbe78553c9bfaecd59853fbe4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7601A17591021A9FCB00ABA4D9456BEBBB0EF84311F2401A9F511AB3E1CF709A01CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B06EA9
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B06EB3
                                                                                                                                                                                            • int.LIBCPMT ref: 00B06ECA
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B06F04
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B06F24
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B06F31
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                            • Opcode ID: 085dbd8a7c79f0f2005518f946147acffb4fb83c3d1f06b1347463d117f58a4b
                                                                                                                                                                                            • Instruction ID: 1f43ba1da98d781d0227a5d0c703ac145e0f84689225f20e089f2adf83605427
                                                                                                                                                                                            • Opcode Fuzzy Hash: 085dbd8a7c79f0f2005518f946147acffb4fb83c3d1f06b1347463d117f58a4b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3801C43591021ADFCB00EBA4D9416BEBBB0AF84310F24059AF511A73E1CF709A01CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B06E14
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B06E1E
                                                                                                                                                                                            • int.LIBCPMT ref: 00B06E35
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B06E6F
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B06E8F
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B06E9C
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                            • Opcode ID: 776ef7259220f1bf8a80768a21de82199373b22b446278e75005164b19cc4870
                                                                                                                                                                                            • Instruction ID: ca73e9fe8953ff49503612f8b488e196d9b2f017e0332a48972c73533bbb849a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 776ef7259220f1bf8a80768a21de82199373b22b446278e75005164b19cc4870
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0301C435900219DFCB04EBA4C9456BEBBB0AF84710F24059AF811AB3D1CF709E01C790
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B06FD3
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B06FDD
                                                                                                                                                                                            • int.LIBCPMT ref: 00B06FF4
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B0702E
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B0704E
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B0705B
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                            • Opcode ID: e70b27e590adf9ad1969c3c95b498c53e147c10b4e3c70fb4f92094af6ff2c11
                                                                                                                                                                                            • Instruction ID: 13b491e407661a394238c21b3bd0b1d9b30417882b173a49ac5668c782b8c51f
                                                                                                                                                                                            • Opcode Fuzzy Hash: e70b27e590adf9ad1969c3c95b498c53e147c10b4e3c70fb4f92094af6ff2c11
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4701A1719501199FCB01AFA4C9816BEBBB0AF84710F24059AE411A73E1DF74AE058B91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B070FD
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B07107
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0711E
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B07158
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B07178
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B07185
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                            • Opcode ID: 99bace2eb240cee266bd0dcf436afa82a1448d2a8706716d56835e7b0056f590
                                                                                                                                                                                            • Instruction ID: 216a272807dae05bb3b1d07794920a8a57ff3b3e06d375f8f1c21b3fe7b74a50
                                                                                                                                                                                            • Opcode Fuzzy Hash: 99bace2eb240cee266bd0dcf436afa82a1448d2a8706716d56835e7b0056f590
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2F01A132D402199FCB01EBA4C9856BEBBB1EF84310F24419AF511A72D1DF709E01C7D0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B07068
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B07072
                                                                                                                                                                                            • int.LIBCPMT ref: 00B07089
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B070C3
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B070E3
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B070F0
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                            • Opcode ID: 20af687a26792897691afb334fd67946bebc284b919cb403c4f93e7e45d0a0b9
                                                                                                                                                                                            • Instruction ID: 106832f6068252bbf3fbe0d2d40dfd4911a63184a147d47dd56ae6a10fd34149
                                                                                                                                                                                            • Opcode Fuzzy Hash: 20af687a26792897691afb334fd67946bebc284b919cb403c4f93e7e45d0a0b9
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E01A1329502199FCB00EBA4C9416BEBBB1AF84311F24019AE511AB2D1DF70AA00CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B07192
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B0719C
                                                                                                                                                                                            • int.LIBCPMT ref: 00B071B3
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B071ED
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B0720D
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B0721A
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B11403
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B1140D
                                                                                                                                                                                            • int.LIBCPMT ref: 00B11424
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B1145E
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B1147E
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B1148B
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B1136E
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B11378
                                                                                                                                                                                            • int.LIBCPMT ref: 00B1138F
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B113C9
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B113E9
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B113F6
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B115C2
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B115CC
                                                                                                                                                                                            • int.LIBCPMT ref: 00B115E3
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B1161D
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B1163D
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B1164A
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B11657
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B11661
                                                                                                                                                                                            • int.LIBCPMT ref: 00B11678
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • std::_Facet_Register.LIBCPMT ref: 00B116B2
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B116D2
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B116DF
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Register
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 55977855-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3AB8
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3AC3
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3ACA
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3AD5
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3ADC
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3AEA
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2134207285-0
                                                                                                                                                                                            • Opcode ID: 363e860ba9410aca751b21c0e4129cb86267cc11a57bcc49203177d221c8aa90
                                                                                                                                                                                            • Instruction ID: 9b1e38720c72025106c9a26216680b1df7614105c472ac23b0dd8ce06dabdad5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 363e860ba9410aca751b21c0e4129cb86267cc11a57bcc49203177d221c8aa90
                                                                                                                                                                                            • Instruction Fuzzy Hash: AAF0A47194078CABD700EFB58E02F6B769CEB05B50F114725FF24979E1EA7195004F65
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B067AD
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B067B7
                                                                                                                                                                                            • int.LIBCPMT ref: 00B067CE
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • messages.LIBCPMT ref: 00B067F1
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B06828
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3messages
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 50917705-0
                                                                                                                                                                                            • Opcode ID: a78dfe1b9343ffff08f9963fb1aeb1454cc29f1e1ffe3325e25406c9b7012f10
                                                                                                                                                                                            • Instruction ID: 98f827d957716dae12b74d68546a25dcab6d5e23e4d809583b25881e05afd1e4
                                                                                                                                                                                            • Opcode Fuzzy Hash: a78dfe1b9343ffff08f9963fb1aeb1454cc29f1e1ffe3325e25406c9b7012f10
                                                                                                                                                                                            • Instruction Fuzzy Hash: 52F0F03280020A9FCF00FBA0C9427BE7BA0EF40351F1401AAF521AB2D0DF30CE048781
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B06718
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B06722
                                                                                                                                                                                            • int.LIBCPMT ref: 00B06739
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • ctype.LIBCPMT ref: 00B0675C
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B06793
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3ctype
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3358926169-0
                                                                                                                                                                                            • Opcode ID: f85e51005c81360c8be49479221a0fc6f3a6d45b84a9276cea657d91ce537506
                                                                                                                                                                                            • Instruction ID: e3d1d52f955c74b3b2560e2436765f5af90f8188e2ed1d3cd51bd4ff476a5263
                                                                                                                                                                                            • Opcode Fuzzy Hash: f85e51005c81360c8be49479221a0fc6f3a6d45b84a9276cea657d91ce537506
                                                                                                                                                                                            • Instruction Fuzzy Hash: 00F090328105099ECF14EBA4C9527BE77A4AF80355F5405AAFA21AB2D1EF709E048790
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B06842
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B0684C
                                                                                                                                                                                            • int.LIBCPMT ref: 00B06863
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • messages.LIBCPMT ref: 00B06886
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B068BD
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3messages
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 50917705-0
                                                                                                                                                                                            • Opcode ID: 6238830cbc94a1178febdfec69504f9c1bc35cc2fab2e195095bc6eeef7fc921
                                                                                                                                                                                            • Instruction ID: 02a3904684ccf2d67d4b239d0f986eda6ed606e5626445f0f11a2b78d0d74c15
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6238830cbc94a1178febdfec69504f9c1bc35cc2fab2e195095bc6eeef7fc921
                                                                                                                                                                                            • Instruction Fuzzy Hash: EFF0903281060A9ECF04EBB0C9527BE77A0EF50361F5441AAFA51AB2E1DF30DA058791
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104,B994DF4A), ref: 00AF145A
                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000258,000000FF,?,?,?,80004005,80004005), ref: 00AF15F8
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileModuleNameObjectSingleWait
                                                                                                                                                                                            • String ID: Error$Error: can't change dir!$\
                                                                                                                                                                                            • API String ID: 2211456419-439453160
                                                                                                                                                                                            • Opcode ID: 892bf612108ab9719383cdcf8477de55ae3166c52daab322e4e38980a5748222
                                                                                                                                                                                            • Instruction ID: 63c29ee86c951c736d9e1f257e3735bab6015739746a8cf704cffdc9d990fd12
                                                                                                                                                                                            • Opcode Fuzzy Hash: 892bf612108ab9719383cdcf8477de55ae3166c52daab322e4e38980a5748222
                                                                                                                                                                                            • Instruction Fuzzy Hash: C051A27194120CDBDB10DBA8DD49BE9B7B8EF51310F148299F919972A2EB709E44CF90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Mpunct$GetvalsH_prolog3
                                                                                                                                                                                            • String ID: $+xv
                                                                                                                                                                                            • API String ID: 2204710431-1686923651
                                                                                                                                                                                            • Opcode ID: 9e21df7159d952c605db61ab60eda8a44d7307e89375f38801ca6644e6aa0aac
                                                                                                                                                                                            • Instruction ID: abe823f97ee4723bd8142ba95a46734117f1741e58af886b00bbc23c66cf8fbe
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e21df7159d952c605db61ab60eda8a44d7307e89375f38801ca6644e6aa0aac
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D2192B1904B56AEDB25DF74C49067BBEF8AB09300F044A9EF499C7A41E734EA45CB90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,B994DF4A,?,?,00000000,00B386D0,000000FF,?,00B278FE,?,?,00B278D2,?), ref: 00B27957
                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00B27969
                                                                                                                                                                                            • FreeLibrary.KERNEL32(00000000,?,00000000,00B386D0,000000FF,?,00B278FE,?,?,00B278D2,?), ref: 00B2798B
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                            • Opcode ID: 8ccb83ed0e0826a69fc472452c3b43b6cbf1b33bcc8702443114f23fd826d47e
                                                                                                                                                                                            • Instruction ID: 7035744f8c0d9aa500c7a571c976ffeb8de8b2605640eb6a4be7e3e50f8188eb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ccb83ed0e0826a69fc472452c3b43b6cbf1b33bcc8702443114f23fd826d47e
                                                                                                                                                                                            • Instruction Fuzzy Hash: F3012C35964629ABDB119B54DC05BAFBBF8FB04B11F004665A811A22A0DFB49A00DA90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00B2DCD4
                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00B2DD9D
                                                                                                                                                                                            • __freea.LIBCMT ref: 00B2DE04
                                                                                                                                                                                              • Part of subcall function 00B2A5E5: HeapAlloc.KERNEL32(00000000,00000000,00B28374,?,00B2C616,?,00000000,?,00B244D7,00000000,00B28374,00000004,?,00000000,?,00B2816E), ref: 00B2A617
                                                                                                                                                                                            • __freea.LIBCMT ref: 00B2DE17
                                                                                                                                                                                            • __freea.LIBCMT ref: 00B2DE24
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __freea$__alloca_probe_16$AllocHeap
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1096550386-0
                                                                                                                                                                                            • Opcode ID: e4e6b230cddac86ebe0ab6f9633783b731ccfbd71481ea7f9922e94be8d6c615
                                                                                                                                                                                            • Instruction ID: 8740dcb4e6b182f81a9729c969c3d8ab7d717408fdc9fbce90be7e9d22780dd8
                                                                                                                                                                                            • Opcode Fuzzy Hash: e4e6b230cddac86ebe0ab6f9633783b731ccfbd71481ea7f9922e94be8d6c615
                                                                                                                                                                                            • Instruction Fuzzy Hash: E951B672600226AFEF20AF65EC85EBB7AE9DF58750B1605A8FD0CDB150EB30CD50D660
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$Mtx_unlock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2334871359-0
                                                                                                                                                                                            • Opcode ID: 48efaaa724526f94976fe7985a1def729f18f0891e0c25ab0f9e586b5b18c2d6
                                                                                                                                                                                            • Instruction ID: 6bbc83eef81c543c54ee027a464e23b70001e7401355ac3c739c2947fed0365a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 48efaaa724526f94976fe7985a1def729f18f0891e0c25ab0f9e586b5b18c2d6
                                                                                                                                                                                            • Instruction Fuzzy Hash: 27413875A006488FDB20DF65C985BAAB7F0FF48710F2485A9E81AAB751D731ED05CBA0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B01952
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B0195C
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B01A03
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00B01A0E
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B01A1B
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: H_prolog3Lockitstd::_$Concurrency::cancel_current_taskLockit::_Lockit::~_
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 845066630-0
                                                                                                                                                                                            • Opcode ID: e5141391823f158fd6bb816d226d9529ea5b17fb898aad77715e001cbeae91fd
                                                                                                                                                                                            • Instruction ID: 298a14274be252aee08d3bd529d329c849fdec55e85e4384f42f352b1bde3fca
                                                                                                                                                                                            • Opcode Fuzzy Hash: e5141391823f158fd6bb816d226d9529ea5b17fb898aad77715e001cbeae91fd
                                                                                                                                                                                            • Instruction Fuzzy Hash: B4316D35A10615EFDB08EF58C891AACBBB5FF45710F408499E915AB2D1CB70EE41CF90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Maklocstr$Maklocchr
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2020259771-0
                                                                                                                                                                                            • Opcode ID: ffac6bcfbf17b34ea965b395e308e34b1e906b9cf0b15143719ce64bd8170b80
                                                                                                                                                                                            • Instruction ID: 4d55bd9dd457031938404d70510a1c1ea08c2a0c1115f05904fb26ab052749fa
                                                                                                                                                                                            • Opcode Fuzzy Hash: ffac6bcfbf17b34ea965b395e308e34b1e906b9cf0b15143719ce64bd8170b80
                                                                                                                                                                                            • Instruction Fuzzy Hash: 76116AB1500B857BE720DBA5DC81F17BBECFB05714F040599F2458BA80D365F9508BA5
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B068D7
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B068E1
                                                                                                                                                                                            • int.LIBCPMT ref: 00B068F8
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B06952
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1383202999-0
                                                                                                                                                                                            • Opcode ID: 5fa41cac7ab07c38aed7a0e7b8618fd73b4a4dc2a2296abf8f2e3fb441f9d3f8
                                                                                                                                                                                            • Instruction ID: 8a4b11af40c11ed87786b0b724b4b8c50c2cb0642de0d444eec0cee5f5953cd2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5fa41cac7ab07c38aed7a0e7b8618fd73b4a4dc2a2296abf8f2e3fb441f9d3f8
                                                                                                                                                                                            • Instruction Fuzzy Hash: F2F0BB3281050A9FCF05EFA0CA52BBE77A4EF44761F6405A5F5216B2D2DF30DE048B90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B06A01
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B06A0B
                                                                                                                                                                                            • int.LIBCPMT ref: 00B06A22
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B06A7C
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1383202999-0
                                                                                                                                                                                            • Opcode ID: 436b6626e762274724443df69396cffb6387fb7c3dc20a31461664fc1ae66c1c
                                                                                                                                                                                            • Instruction ID: c1dcc78d44bb65d598eb0400a5c27d233361fce3c5a95c91f9b97f29294aad0c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 436b6626e762274724443df69396cffb6387fb7c3dc20a31461664fc1ae66c1c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 73F0F03290061A9ECF04FBA4CA427BF77A0EF50350F5441AAF621AB2D1DF308A048780
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B0696C
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B06976
                                                                                                                                                                                            • int.LIBCPMT ref: 00B0698D
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B069E7
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1383202999-0
                                                                                                                                                                                            • Opcode ID: 42f635d029e66921e36b89f22f3ab8c3ba3113911160ed1a4c724966250c780a
                                                                                                                                                                                            • Instruction ID: 2086a90b996969e7c8349d4cceaefff1d8f32c8dd0b091adaa8b29cc13f7c9cb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 42f635d029e66921e36b89f22f3ab8c3ba3113911160ed1a4c724966250c780a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 03F0B4328115099FCF14EBB0CA427BE77A0EF54711F5401A9F521AB2D1DF30DA14C791
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B06A96
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B06AA0
                                                                                                                                                                                            • int.LIBCPMT ref: 00B06AB7
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B06B11
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1383202999-0
                                                                                                                                                                                            • Opcode ID: d56653dc938e17e400371985c629e0c6f72620ad007b01bc83fdef8c98992d36
                                                                                                                                                                                            • Instruction ID: 9a2aca93757d1027ad9ba7913483b5196ba139714c31be3e62483170333d7bc4
                                                                                                                                                                                            • Opcode Fuzzy Hash: d56653dc938e17e400371985c629e0c6f72620ad007b01bc83fdef8c98992d36
                                                                                                                                                                                            • Instruction Fuzzy Hash: 82F06D32910519AACF04EBA0CA427BE77A0EF50751F5405A9B511AB2E1DF30DE15C791
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B06B2B
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00B06B35
                                                                                                                                                                                            • int.LIBCPMT ref: 00B06B4C
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::_Lockit.LIBCPMT ref: 00AD3561
                                                                                                                                                                                              • Part of subcall function 00AD3550: std::_Lockit::~_Lockit.LIBCPMT ref: 00AD357B
                                                                                                                                                                                            • moneypunct.LIBCPMT ref: 00B06B6F
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00B06BA6
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3moneypunct
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3160146232-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AC6605
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AC6623
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AC662E
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$Mtx_unlock
                                                                                                                                                                                            • String ID: list too long
                                                                                                                                                                                            • API String ID: 2334871359-1124181908
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00AC04E1
                                                                                                                                                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00AC04F0
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ___std_exception_destroy
                                                                                                                                                                                            • String ID: at line $, column
                                                                                                                                                                                            • API String ID: 4194217158-191570568
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Mtx_unlock
                                                                                                                                                                                            • String ID: list too long
                                                                                                                                                                                            • API String ID: 1418687624-1124181908
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AC6A56
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AC6A89
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AC6A90
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$Mtx_unlock
                                                                                                                                                                                            • String ID: 2
                                                                                                                                                                                            • API String ID: 2334871359-450215437
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ___std_exception_copy.LIBVCRUNTIME ref: 00AC2B45
                                                                                                                                                                                            • ___std_exception_copy.LIBVCRUNTIME ref: 00AC2BDF
                                                                                                                                                                                            • ___std_exception_copy.LIBVCRUNTIME ref: 00AC2C06
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ___std_exception_copy
                                                                                                                                                                                            • String ID: ange
                                                                                                                                                                                            • API String ID: 2659868963-4159947239
                                                                                                                                                                                            • Opcode ID: 5fe0dea14036337df4184ed2e26e4dc628d6939be6234c53bacb41d6b2aa1532
                                                                                                                                                                                            • Instruction ID: ec510e476b16637a84714b38e7986eca51606024bde3b4432ecc074357658ffc
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5fe0dea14036337df4184ed2e26e4dc628d6939be6234c53bacb41d6b2aa1532
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2461CFB2D102089FCB04DF68D885B9EF7F5FF95310F24825AE419A7741E770AA94CBA1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetPriorityClass.KERNEL32(?,?), ref: 00AE47A5
                                                                                                                                                                                            • NtQueryInformationProcess.NTDLL(?,00000027,?,00000004,?), ref: 00AE4934
                                                                                                                                                                                              • Part of subcall function 00AB3800: GetProcessHeap.KERNEL32 ref: 00AB382C
                                                                                                                                                                                              • Part of subcall function 00AB2940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,B994DF4A,?,?,?,00000000,00B38670,000000FF,?,80004005), ref: 00AB297A
                                                                                                                                                                                            • GetLastError.KERNEL32(Error), ref: 00AE483D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Process$ClassErrorFindHeapInformationLastPriorityQueryResource
                                                                                                                                                                                            • String ID: Error$GetPriorityClass failed.
                                                                                                                                                                                            • API String ID: 1955618286-3043193832
                                                                                                                                                                                            • Opcode ID: dd281056730106816b7d7c3828db4b03924701ec8f9bce298a0f0e2dcda7144a
                                                                                                                                                                                            • Instruction ID: 0fbc17e9389317193b2a2a914e888745b3b01784dca1d81ac44a467b6d644c47
                                                                                                                                                                                            • Opcode Fuzzy Hash: dd281056730106816b7d7c3828db4b03924701ec8f9bce298a0f0e2dcda7144a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4851E170E01289CBEB14DFB4C915B9DB7B8FF50304F14829CE905AB292EB749E44CB90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00B0A71B
                                                                                                                                                                                              • Part of subcall function 00B04EC6: _Maklocstr.LIBCPMT ref: 00B04EE6
                                                                                                                                                                                              • Part of subcall function 00B04EC6: _Maklocstr.LIBCPMT ref: 00B04F03
                                                                                                                                                                                              • Part of subcall function 00B04EC6: _Maklocstr.LIBCPMT ref: 00B04F20
                                                                                                                                                                                              • Part of subcall function 00B04EC6: _Maklocchr.LIBCPMT ref: 00B04F32
                                                                                                                                                                                              • Part of subcall function 00B04EC6: _Maklocchr.LIBCPMT ref: 00B04F45
                                                                                                                                                                                            • _Mpunct.LIBCPMT ref: 00B0A7A8
                                                                                                                                                                                            • _Mpunct.LIBCPMT ref: 00B0A7C2
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Maklocstr$MaklocchrMpunct$H_prolog3
                                                                                                                                                                                            • String ID: $+xv
                                                                                                                                                                                            • API String ID: 2939335142-1686923651
                                                                                                                                                                                            • Opcode ID: c3e104f6f75126b30cc276f6ae0b90d8bf8ee1f6339e2eeb94c447c4fb873b7a
                                                                                                                                                                                            • Instruction ID: e6cf07c79359e38ca30cbbbfa06569edae5b4643aabcb9032999d71ef673dcbe
                                                                                                                                                                                            • Opcode Fuzzy Hash: c3e104f6f75126b30cc276f6ae0b90d8bf8ee1f6339e2eeb94c447c4fb873b7a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F2192B1904B55AED725DF74C48067BBEF8AB08300F044A9AF459C7A81E734EA45CB90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Mpunct$H_prolog3
                                                                                                                                                                                            • String ID: $+xv
                                                                                                                                                                                            • API String ID: 4281374311-1686923651
                                                                                                                                                                                            • Opcode ID: 2b5032af13aa1db9c7abd64c57d12e2d1bd77c42ed8aaecc3219da79cba42144
                                                                                                                                                                                            • Instruction ID: fe7871bee8fedf57e02f471c9ea26bc5558056633b0ca607c4ba44c3fedbc20a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b5032af13aa1db9c7abd64c57d12e2d1bd77c42ed8aaecc3219da79cba42144
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9F21B2B1900B52AEDB21DF74C4807BBBEE8AF09300F44099AF459C7A41E730E655CB90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetConsoleOutputCP.KERNEL32(B994DF4A,00000000,00000000,?), ref: 00B3543F
                                                                                                                                                                                              • Part of subcall function 00B2D3C7: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,00B2DDFA,?,00000000,-00000008), ref: 00B2D428
                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00B35691
                                                                                                                                                                                            • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00B356D7
                                                                                                                                                                                            • GetLastError.KERNEL32 ref: 00B3577A
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2112829910-0
                                                                                                                                                                                            • Opcode ID: 2ad6cf35ee948015873cbe8f8baa1d950028939321a187432b64c689a8dc29e2
                                                                                                                                                                                            • Instruction ID: 282d030a00de4187b91a829b4e6be3d8c340da220ec366cc3b03f0bc6f680e59
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ad6cf35ee948015873cbe8f8baa1d950028939321a187432b64c689a8dc29e2
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5CD16875D00658DFCB25CFA8D880AEDBBF5FF09310F2845AAE556EB351DA30A941CB50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _strcspn$H_prolog3_ctype
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 838279627-0
                                                                                                                                                                                            • Opcode ID: b9b891b01d692e278c02c6196ed2bdf86fc872fbbbef288501861bb6a413c391
                                                                                                                                                                                            • Instruction ID: 5674ae50745635968e000a9accf2f34be603d14beadecf9a5214c466c91c52a2
                                                                                                                                                                                            • Opcode Fuzzy Hash: b9b891b01d692e278c02c6196ed2bdf86fc872fbbbef288501861bb6a413c391
                                                                                                                                                                                            • Instruction Fuzzy Hash: B8C13871D042499FDF14DF98C984AEEBBF9EF48310F14409AE805AB291DB30AE55CBA1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _strcspn$H_prolog3_ctype
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 838279627-0
                                                                                                                                                                                            • Opcode ID: e7f23f4dc8488a3935b1284476d57ec4e7558452a007954e2b840b081f1d0181
                                                                                                                                                                                            • Instruction ID: 058f5da928c5162d57160eda77988231361eb67421a2c8721757baa94d763826
                                                                                                                                                                                            • Opcode Fuzzy Hash: e7f23f4dc8488a3935b1284476d57ec4e7558452a007954e2b840b081f1d0181
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9FC12871900249AFDF19DF98C981AEEBFF9EF48310F144499E905BB291D730AE45CB61
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00AE6ED0: std::_Lockit::_Lockit.LIBCPMT ref: 00AE6F2F
                                                                                                                                                                                              • Part of subcall function 00AE6ED0: std::_Lockit::_Lockit.LIBCPMT ref: 00AE6F51
                                                                                                                                                                                              • Part of subcall function 00AE6ED0: std::_Lockit::~_Lockit.LIBCPMT ref: 00AE6F71
                                                                                                                                                                                              • Part of subcall function 00AE6ED0: std::_Lockit::~_Lockit.LIBCPMT ref: 00AE6FAA
                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00AE6BA2
                                                                                                                                                                                            • Process32FirstW.KERNEL32(?,0000022C), ref: 00AE6BE4
                                                                                                                                                                                              • Part of subcall function 00AE6B50: Process32NextW.KERNEL32(?,0000022C), ref: 00AE6CDB
                                                                                                                                                                                              • Part of subcall function 00AE6B50: CloseHandle.KERNEL32(?), ref: 00AE6CEF
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 955751528-0
                                                                                                                                                                                            • Opcode ID: de58423259917428dd03df26ef801e5b3b8cbfce34754f38856afc826da01291
                                                                                                                                                                                            • Instruction ID: 5e986661bf5a29588161f9ce15e8e7f9b278aa30846b469056119ca0e9293f16
                                                                                                                                                                                            • Opcode Fuzzy Hash: de58423259917428dd03df26ef801e5b3b8cbfce34754f38856afc826da01291
                                                                                                                                                                                            • Instruction Fuzzy Hash: BBB11631D001589FDB24DF69CC49BEEB7B4EF54314F2486A9E819A7291DB34AE44CF90
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorMtx_unlockThrow_std::_
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2243708590-0
                                                                                                                                                                                            • Opcode ID: 370a2cc5447c8d04c7321379bff25abd93dd2af20c24367105cbbe80b11e7e13
                                                                                                                                                                                            • Instruction ID: 5d0b7d0e61edb619e827935d138c8de7d806fd8651eb49e80a1b0c6e0c1cdd18
                                                                                                                                                                                            • Opcode Fuzzy Hash: 370a2cc5447c8d04c7321379bff25abd93dd2af20c24367105cbbe80b11e7e13
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E61C171A012499FCB14DF68C981FAEFBF4EF44724F14825EE91A9B381DB75A900CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AdjustPointer
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1740715915-0
                                                                                                                                                                                            • Opcode ID: 80bb54cf3b2f3345c5a58a0101e5ed35fa0b52d17c6d5272cd5055184f39f4e7
                                                                                                                                                                                            • Instruction ID: b8e949f349be83d3abe3bb9969622c46af3e892514776ac99f5950901bb078d7
                                                                                                                                                                                            • Opcode Fuzzy Hash: 80bb54cf3b2f3345c5a58a0101e5ed35fa0b52d17c6d5272cd5055184f39f4e7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9251F572A00606AFDB298F54D841BFAB7E6FF54710F9448ADE90587690EB31EDC2C790
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00AED1C7
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00AED1CC
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00AED1D1
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00AED1D6
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 118556049-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00AE6BA2
                                                                                                                                                                                            • Process32FirstW.KERNEL32(?,0000022C), ref: 00AE6BE4
                                                                                                                                                                                            • Process32NextW.KERNEL32(?,0000022C), ref: 00AE6CDB
                                                                                                                                                                                              • Part of subcall function 00AE4160: OpenProcess.KERNEL32(00000410,00000000,80004005,B994DF4A,00000000,74DEF550,?,?,00000000,00B3B98D,000000FF,?,80004005,80004005,?,?), ref: 00AE4190
                                                                                                                                                                                            • CloseHandle.KERNEL32(?), ref: 00AE6CEF
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Process32$CloseCreateFirstHandleNextOpenProcessSnapshotToolhelp32
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1181503618-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorMtx_unlockThrow_std::_
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2243708590-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00ACC551
                                                                                                                                                                                              • Part of subcall function 00ACD260: WinHttpConnect.WINHTTP(?,?,000001BB,00000000,B994DF4A,00000000,00000010,?,00000000,00000010,?,?,?,?,?,00B3A695), ref: 00ACD2B2
                                                                                                                                                                                              • Part of subcall function 00ACD260: GetTickCount64.KERNEL32 ref: 00ACD2F3
                                                                                                                                                                                              • Part of subcall function 00ACD260: WinHttpOpenRequest.WINHTTP(?,GET,?,00000000,00000000,00000000,00800000), ref: 00ACD334
                                                                                                                                                                                              • Part of subcall function 00ACD260: WinHttpSetTimeouts.WINHTTP(00000000,00002710,00002710,00002710,00002710), ref: 00ACD355
                                                                                                                                                                                              • Part of subcall function 00ACD260: WinHttpCloseHandle.WINHTTP(00000000,?,?,?,?,?,?,?,?,?,?,?,00000000,00000010), ref: 00ACD366
                                                                                                                                                                                              • Part of subcall function 00ACD260: WinHttpCloseHandle.WINHTTP(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000010), ref: 00ACD36B
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00ACC5BC
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00ACC623
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00ACC631
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Http$CloseCpp_errorHandleMtx_unlockThrow_std::_$ConnectCount64OpenRequestTickTimeouts
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 186550968-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00AD38A4
                                                                                                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00AD38EC
                                                                                                                                                                                            • std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00AD3921
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00AD39B6
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Locinfo::_Lockit$Locinfo_ctorLocinfo_dtorLockit::_Lockit::~_
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1143662833-0
                                                                                                                                                                                            • Opcode ID: 5d1321f0a57d6fe246ef331be46b061700fd66404787d28c91d674cfc56b553d
                                                                                                                                                                                            • Instruction ID: 6a33e7e2727cced8d10616d15799a5fc866c0cbe5ac1633f5c93346fe66d175a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d1321f0a57d6fe246ef331be46b061700fd66404787d28c91d674cfc56b553d
                                                                                                                                                                                            • Instruction Fuzzy Hash: AB413FB1D003989BDF10DFE4C945B9EBBF8AF18304F14456AE859EB381EB74A644CB51
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE1A17
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE1A22
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2134207285-0
                                                                                                                                                                                            • Opcode ID: 55d63b7cda59ac5e31e881efff3f2042341bf51abd558acb8099a487c635c14f
                                                                                                                                                                                            • Instruction ID: a0750fc07237a5270cee1fac5480db2dd840ace4eb53ecfcad368c193134f787
                                                                                                                                                                                            • Opcode Fuzzy Hash: 55d63b7cda59ac5e31e881efff3f2042341bf51abd558acb8099a487c635c14f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6621DEB190064CABD710EFA58D01FA7FBECEB15710F004669FA24A7691EB30A9148F61
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AEEC18
                                                                                                                                                                                            • __Mtx_destroy_in_situ.LIBCPMT ref: 00AEEC60
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AEEC7C
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AEEC87
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$Mtx_destroy_in_situMtx_unlock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3678914369-0
                                                                                                                                                                                            • Opcode ID: 73ac313d5d9537df04e7049770bbbf2bb53c468777d9e85e1ac56b93b030cc65
                                                                                                                                                                                            • Instruction ID: 753e65d300cab434ed38d7d8321cbf2c8210213eea5cd5e3485009656936d70f
                                                                                                                                                                                            • Opcode Fuzzy Hash: 73ac313d5d9537df04e7049770bbbf2bb53c468777d9e85e1ac56b93b030cc65
                                                                                                                                                                                            • Instruction Fuzzy Hash: BD1108726006449BDB10EF55DD42F6A77E8EF41710F144264FD159B3A2EB31ED058AA1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AE1777
                                                                                                                                                                                            • __Mtx_destroy_in_situ.LIBCPMT ref: 00AE177D
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE1801
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE180C
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_$Mtx_destroy_in_situMtx_unlock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3678914369-0
                                                                                                                                                                                            • Opcode ID: d0d8c53a35b7d70c14490f382e7c54a0c0b1cb830fa5146693aedd6759222471
                                                                                                                                                                                            • Instruction ID: 990c5d10cbf64f1d87cd6446c8f627726ebb4f883bf3ba19d31874219e522796
                                                                                                                                                                                            • Opcode Fuzzy Hash: d0d8c53a35b7d70c14490f382e7c54a0c0b1cb830fa5146693aedd6759222471
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9121DF726002448FEB08EF79DA96B6E73A1EF00710F544668F916CB296EB34E9518F91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 392597b8b1f6aec7a730e2a11067159f1db183bca0f428492e2766c6f170e677
                                                                                                                                                                                            • Instruction ID: b0e493ca966556d46fe149b35fce667685aa1c41a745ef94c87261ea8550aada
                                                                                                                                                                                            • Opcode Fuzzy Hash: 392597b8b1f6aec7a730e2a11067159f1db183bca0f428492e2766c6f170e677
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1B21C372600A29AFDB30AF60EC80AAA77EAFF143647508595F95DC7250E770ED408BA1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00AFF09C: GetModuleHandleExW.KERNEL32(00000002,00000000,?,?,?,00AFF0EE,00000014,?,00AFF12F,00000014,?,00AC9285,00000000,00000014,?,B994DF4A), ref: 00AFF0A8
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AFF17C
                                                                                                                                                                                            • FreeLibraryWhenCallbackReturns.KERNEL32(?,00000000,B994DF4A,?,?,?,00B386D0,000000FF), ref: 00AFF1A2
                                                                                                                                                                                            • __Mtx_unlock.LIBCPMT ref: 00AFF1D8
                                                                                                                                                                                            • __Cnd_broadcast.LIBCPMT ref: 00AFF1E7
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Mtx_unlock$CallbackCnd_broadcastFreeHandleLibraryModuleReturnsWhen
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 420990631-0
                                                                                                                                                                                            • Opcode ID: 87c62946877246798f2e7a6e5d262cb615d8aadab1da25c6735fefb733db0d9d
                                                                                                                                                                                            • Instruction ID: ed17675124e22b1321f9cda5b30905dad8b5f791bfa219952fbceed48bc9c5b6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 87c62946877246798f2e7a6e5d262cb615d8aadab1da25c6735fefb733db0d9d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4011EF32600709AFCB256BA1DD02B3FB7A5EF50B22B10416AFA15873A1DF35E8008658
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,?,00B23FC6,00000000,00000004,00000000), ref: 00B24173
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00B5BB3C,?,?,?,00AF17C9,00AF15E0,00000000,?), ref: 00B2417F
                                                                                                                                                                                            • __dosmaperr.LIBCMT ref: 00B24186
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CreateErrorLastThread__dosmaperr
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2744730728-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Window$ActiveCursorForegroundFromPoint
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4205958593-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3C90
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3C9B
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3CA2
                                                                                                                                                                                            • std::_Throw_Cpp_error.LIBCPMT ref: 00AE3CAD
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cpp_errorThrow_std::_
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2134207285-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3.LIBCMT ref: 00AFF5E4
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00AFF5EF
                                                                                                                                                                                            • std::_Lockit::~_Lockit.LIBCPMT ref: 00AFF65D
                                                                                                                                                                                              • Part of subcall function 00AFF76F: std::locale::_Locimp::_Locimp.LIBCPMT ref: 00AFF787
                                                                                                                                                                                            • std::locale::_Setgloballocale.LIBCPMT ref: 00AFF60A
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_Setgloballocale
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 677527491-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00B36B1E,00000000,00000001,00000000,?,?,00B357CE,?,00000000,00000000), ref: 00B377F1
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00B36B1E,00000000,00000001,00000000,?,?,00B357CE,?,00000000,00000000,?,?,?,00B35D71,00000000), ref: 00B377FD
                                                                                                                                                                                              • Part of subcall function 00B377C3: CloseHandle.KERNEL32(FFFFFFFE,00B3780D,?,00B36B1E,00000000,00000001,00000000,?,?,00B357CE,?,00000000,00000000,?,?), ref: 00B377D3
                                                                                                                                                                                            • ___initconout.LIBCMT ref: 00B3780D
                                                                                                                                                                                              • Part of subcall function 00B37785: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00B377B4,00B36B0B,?,?,00B357CE,?,00000000,00000000,?), ref: 00B37798
                                                                                                                                                                                            • WriteConsoleW.KERNEL32(00000000,?,00000000,00000000,?,00B36B1E,00000000,00000001,00000000,?,?,00B357CE,?,00000000,00000000,?), ref: 00B37822
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2744216297-0
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ___std_exception_copy.LIBVCRUNTIME ref: 00AC090B
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ___std_exception_copy
                                                                                                                                                                                            • String ID: parse error$ror
                                                                                                                                                                                            • API String ID: 2659868963-4201802366
                                                                                                                                                                                            • Opcode ID: 54ab0030fbb0ebd9fb0e8c90e9fefe32e78824f7a631dd83783c65ef36aaace6
                                                                                                                                                                                            • Instruction ID: fc81a804d0ba32fd95fd6958b8e8d0a97f78ac6e73cf66ed58ed63ef78cfaabe
                                                                                                                                                                                            • Opcode Fuzzy Hash: 54ab0030fbb0ebd9fb0e8c90e9fefe32e78824f7a631dd83783c65ef36aaace6
                                                                                                                                                                                            • Instruction Fuzzy Hash: F0D19D71900248DFEB18CF68CD85F9DBBB1BF45300F25829CE419AB792D774AA85CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __aulldiv
                                                                                                                                                                                            • String ID: +$-
                                                                                                                                                                                            • API String ID: 3732870572-2137968064
                                                                                                                                                                                            • Opcode ID: f15d4460fdbdfde5980bcc3a779d8cf7de189c8abcd560745487c464b82f5d43
                                                                                                                                                                                            • Instruction ID: d292264aea78163783aa5be18980c8e31a99dcd2fc5d9ab7d0c3f77822922157
                                                                                                                                                                                            • Opcode Fuzzy Hash: f15d4460fdbdfde5980bcc3a779d8cf7de189c8abcd560745487c464b82f5d43
                                                                                                                                                                                            • Instruction Fuzzy Hash: A8A19330E40269BEDF24CF6898516FE7BE1EF56320F1485E9ECA9DB291D234D9428B50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ___std_exception_copy.LIBVCRUNTIME ref: 00ADFF29
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ___std_exception_copy
                                                                                                                                                                                            • String ID: ios_base::failbit set$iostream
                                                                                                                                                                                            • API String ID: 2659868963-302468714
                                                                                                                                                                                            • Opcode ID: 4bc8a1f5484117f089990aa647b30c0a79e735b4b846979c785d7ff05ca6f5bc
                                                                                                                                                                                            • Instruction ID: 003b81c3d23ed4e8d5c02ffd1dcc7d5571e7bfe6c44278ec10b04bada25f6f11
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4bc8a1f5484117f089990aa647b30c0a79e735b4b846979c785d7ff05ca6f5bc
                                                                                                                                                                                            • Instruction Fuzzy Hash: AAA18E71D102489FDB04CFA8C885BAEFBB5FF49310F54826EE816AB791D770A941CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: array
                                                                                                                                                                                            • API String ID: 0-2701979319
                                                                                                                                                                                            • Opcode ID: ce20af89e91aaa2d64c6047958517d42bdc714fbaecf70e3512b72c04ce59f2d
                                                                                                                                                                                            • Instruction ID: faa9906c8ead917e51d703da681b9d7fd78bf4be329d5ae1207a5fb4e46f1f3e
                                                                                                                                                                                            • Opcode Fuzzy Hash: ce20af89e91aaa2d64c6047958517d42bdc714fbaecf70e3512b72c04ce59f2d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1BB16D75D002588FDB19CB64C894BEDBBB9BF45310F1482DAE449A7742EB30AAC4CF61
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: array
                                                                                                                                                                                            • API String ID: 0-2701979319
                                                                                                                                                                                            • Opcode ID: 4acb62ea93304fc53ad11a697a34aeb61eecbf306164e0cc931abd1a67a1363d
                                                                                                                                                                                            • Instruction ID: 5629387ece309185169371471454306bce7dcd354b419d7cb270f3016268d83a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4acb62ea93304fc53ad11a697a34aeb61eecbf306164e0cc931abd1a67a1363d
                                                                                                                                                                                            • Instruction Fuzzy Hash: C0B17E75D002598FDB19CB64CC84BEDBBB9BF49310F1482D9E449A7742EB30AA84CF51
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: array
                                                                                                                                                                                            • API String ID: 0-2701979319
                                                                                                                                                                                            • Opcode ID: 38632240d16be54b11ad3b0b4161cd3b40ea74e8b258f940f4fb13a4e5e95dfd
                                                                                                                                                                                            • Instruction ID: f780b54cdf903cb04f032864e3c200ab1cc8d17117b70809f65ccc9587fcb322
                                                                                                                                                                                            • Opcode Fuzzy Hash: 38632240d16be54b11ad3b0b4161cd3b40ea74e8b258f940f4fb13a4e5e95dfd
                                                                                                                                                                                            • Instruction Fuzzy Hash: B1B18075D012588FDB18CB68CC94BEDFBB9BF45310F148299E449A7782EB30AA85CB51
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00ABD0A5
                                                                                                                                                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00ABD0B8
                                                                                                                                                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00ABDCB8
                                                                                                                                                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00ABDCCB
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ___std_exception_destroy
                                                                                                                                                                                            • String ID: array
                                                                                                                                                                                            • API String ID: 4194217158-2701979319
                                                                                                                                                                                            • Opcode ID: d0ce1c5c3edd897fa584f2058a554e0fefbead838194a97b747c004508d6edb5
                                                                                                                                                                                            • Instruction ID: a44dffa48a145b81316b87cfa2cb3d7d5fec6e0e9eacc9741ede2eb117d30637
                                                                                                                                                                                            • Opcode Fuzzy Hash: d0ce1c5c3edd897fa584f2058a554e0fefbead838194a97b747c004508d6edb5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 98A1C471E002588FDF18DB64CC94BEDBB79AF45310F148299E44AA7782EB349A85CB51
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: array
                                                                                                                                                                                            • API String ID: 0-2701979319
                                                                                                                                                                                            • Opcode ID: e1629a0642ba63381d353f49bd722529b14afd1bd57ba007a84ab8a3ca1d2369
                                                                                                                                                                                            • Instruction ID: d21f922855cbeb93f216c9fc58301fd710a795b4ea9945904df5ca6dfb4755c5
                                                                                                                                                                                            • Opcode Fuzzy Hash: e1629a0642ba63381d353f49bd722529b14afd1bd57ba007a84ab8a3ca1d2369
                                                                                                                                                                                            • Instruction Fuzzy Hash: AF81D671E002588FDB18DB68CC85BEDB779AF45310F1482A9E44AE7782EB349AC5CB51
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00ABD0A5
                                                                                                                                                                                            • ___std_exception_destroy.LIBVCRUNTIME ref: 00ABD0B8
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ___std_exception_destroy
                                                                                                                                                                                            • String ID: array
                                                                                                                                                                                            • API String ID: 4194217158-2701979319
                                                                                                                                                                                            • Opcode ID: d1ea434bb2eb8e107400271273d2df11871694267ecfede858ca1058ea1f8021
                                                                                                                                                                                            • Instruction ID: 7c6d726fb6b7e2ed04d33e5768a7eba5a9cbf3e328f01a5af937a3cf82c68e01
                                                                                                                                                                                            • Opcode Fuzzy Hash: d1ea434bb2eb8e107400271273d2df11871694267ecfede858ca1058ea1f8021
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F61F771E002588FDF18DB78CC95BEDBB79AF45300F1482A9E406E7782EB349A85CB51
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __aulldiv
                                                                                                                                                                                            • String ID: -$0123456789abcdefghijklmnopqrstuvwxyz
                                                                                                                                                                                            • API String ID: 3732870572-1956417402
                                                                                                                                                                                            • Opcode ID: fc52c6184958958a7b8d3121cefcfa88666335054efcff08508f75c11a7b41c6
                                                                                                                                                                                            • Instruction ID: 9a930b3531b56644f0f2523853206de8f5771d7fda092951139d6fae3ac30a09
                                                                                                                                                                                            • Opcode Fuzzy Hash: fc52c6184958958a7b8d3121cefcfa88666335054efcff08508f75c11a7b41c6
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3251C270A043499ADB348F6D84997BEBFEDEF46B10F1441EAE491E7280C2748B828B50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • Concurrency::cancel_current_task.LIBCPMT ref: 00AFC260
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Concurrency::cancel_current_task
                                                                                                                                                                                            • String ID: false$true
                                                                                                                                                                                            • API String ID: 118556049-2658103896
                                                                                                                                                                                            • Opcode ID: be01c8d99da21b62f9d5d17de64e4d5c29e71307eecbac3d3e2d3bfc3a89bf00
                                                                                                                                                                                            • Instruction ID: 9a9124d50180b14204d4e45c95fd6d89db39e927b71614191c15f1b2f925b127
                                                                                                                                                                                            • Opcode Fuzzy Hash: be01c8d99da21b62f9d5d17de64e4d5c29e71307eecbac3d3e2d3bfc3a89bf00
                                                                                                                                                                                            • Instruction Fuzzy Hash: 11519F71D0031C9BDB10DFA4C941BEEB7B8EF09314F14826AF905AB641E775A989CB91
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00B0F2D6
                                                                                                                                                                                            • swprintf.LIBCMT ref: 00B0F34E
                                                                                                                                                                                              • Part of subcall function 00B06711: __EH_prolog3.LIBCMT ref: 00B06718
                                                                                                                                                                                              • Part of subcall function 00B06711: std::_Lockit::_Lockit.LIBCPMT ref: 00B06722
                                                                                                                                                                                              • Part of subcall function 00B06711: int.LIBCPMT ref: 00B06739
                                                                                                                                                                                              • Part of subcall function 00B04284: _wmemset.LIBCMT ref: 00B042AE
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: H_prolog3H_prolog3_LockitLockit::__wmemsetstd::_swprintf
                                                                                                                                                                                            • String ID: %.0Lf
                                                                                                                                                                                            • API String ID: 2528782737-1402515088
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00B0F5CF
                                                                                                                                                                                            • swprintf.LIBCMT ref: 00B0F647
                                                                                                                                                                                              • Part of subcall function 00ADDE20: std::_Lockit::_Lockit.LIBCPMT ref: 00ADDE4D
                                                                                                                                                                                              • Part of subcall function 00ADDE20: std::_Lockit::_Lockit.LIBCPMT ref: 00ADDE70
                                                                                                                                                                                              • Part of subcall function 00ADDE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00ADDE90
                                                                                                                                                                                              • Part of subcall function 00ADDE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00ADDF1D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3_swprintf
                                                                                                                                                                                            • String ID: %.0Lf
                                                                                                                                                                                            • API String ID: 898875175-1402515088
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00B142B0
                                                                                                                                                                                            • swprintf.LIBCMT ref: 00B14328
                                                                                                                                                                                              • Part of subcall function 00B00B9B: __EH_prolog3.LIBCMT ref: 00B00BA2
                                                                                                                                                                                              • Part of subcall function 00B00B9B: std::_Lockit::_Lockit.LIBCPMT ref: 00B00BAC
                                                                                                                                                                                              • Part of subcall function 00B00B9B: int.LIBCPMT ref: 00B00BC3
                                                                                                                                                                                              • Part of subcall function 00B00B9B: std::_Lockit::~_Lockit.LIBCPMT ref: 00B00C1D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$H_prolog3H_prolog3_Lockit::_Lockit::~_swprintf
                                                                                                                                                                                            • String ID: %.0Lf
                                                                                                                                                                                            • API String ID: 2994408256-1402515088
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00AB3800: GetProcessHeap.KERNEL32 ref: 00AB382C
                                                                                                                                                                                              • Part of subcall function 00AB2940: FindResourceW.KERNEL32(00000000,?,00000006,?,?,?,?,B994DF4A,?,?,?,00000000,00B38670,000000FF,?,80004005), ref: 00AB297A
                                                                                                                                                                                            • WinHttpOpen.WINHTTP(00000000,00000000,00000000,00000000,00000000,WinHTTP 1.0), ref: 00ACC38F
                                                                                                                                                                                            • WinHttpSetTimeouts.WINHTTP(00000000,00002710,00002710,00002710,00002710), ref: 00ACC3B3
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Http$FindHeapOpenProcessResourceTimeouts
                                                                                                                                                                                            • String ID: WinHTTP 1.0
                                                                                                                                                                                            • API String ID: 3179746780-2851767304
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • EncodePointer.KERNEL32(00000000,?), ref: 00B194B2
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: EncodePointer
                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                            • API String ID: 2118026453-2084237596
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00B14184
                                                                                                                                                                                              • Part of subcall function 00B00B9B: __EH_prolog3.LIBCMT ref: 00B00BA2
                                                                                                                                                                                              • Part of subcall function 00B00B9B: std::_Lockit::_Lockit.LIBCPMT ref: 00B00BAC
                                                                                                                                                                                              • Part of subcall function 00B00B9B: int.LIBCPMT ref: 00B00BC3
                                                                                                                                                                                              • Part of subcall function 00B00B9B: std::_Lockit::~_Lockit.LIBCPMT ref: 00B00C1D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$H_prolog3H_prolog3_Lockit::_Lockit::~_
                                                                                                                                                                                            • String ID: 0123456789-$0123456789-
                                                                                                                                                                                            • API String ID: 2728201062-2494171821
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00B0F1A8
                                                                                                                                                                                              • Part of subcall function 00B06711: __EH_prolog3.LIBCMT ref: 00B06718
                                                                                                                                                                                              • Part of subcall function 00B06711: std::_Lockit::_Lockit.LIBCPMT ref: 00B06722
                                                                                                                                                                                              • Part of subcall function 00B06711: int.LIBCPMT ref: 00B06739
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: H_prolog3H_prolog3_LockitLockit::_std::_
                                                                                                                                                                                            • String ID: %.0Lf$0123456789-
                                                                                                                                                                                            • API String ID: 79917597-3094241602
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __EH_prolog3_GS.LIBCMT ref: 00B0F4A1
                                                                                                                                                                                              • Part of subcall function 00ADDE20: std::_Lockit::_Lockit.LIBCPMT ref: 00ADDE4D
                                                                                                                                                                                              • Part of subcall function 00ADDE20: std::_Lockit::_Lockit.LIBCPMT ref: 00ADDE70
                                                                                                                                                                                              • Part of subcall function 00ADDE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00ADDE90
                                                                                                                                                                                              • Part of subcall function 00ADDE20: std::_Lockit::~_Lockit.LIBCPMT ref: 00ADDF1D
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Lockitstd::_$Lockit::_Lockit::~_$H_prolog3_
                                                                                                                                                                                            • String ID: 0123456789-$0123456789-
                                                                                                                                                                                            • API String ID: 2088892359-2494171821
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: H_prolog3___cftoe
                                                                                                                                                                                            • String ID: !%x
                                                                                                                                                                                            • API String ID: 855520168-1893981228
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • std::_Lockit::_Lockit.LIBCPMT ref: 00AD36DB
                                                                                                                                                                                            • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00AD372A
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                                                                                                                                                            • String ID: bad locale name
                                                                                                                                                                                            • API String ID: 3988782225-1405518554
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __alloca_probe_16.LIBCMT ref: 00AFEC22
                                                                                                                                                                                            • RaiseException.KERNEL32(?,?,?,?), ref: 00AFEC47
                                                                                                                                                                                              • Part of subcall function 00B1738A: RaiseException.KERNEL32(E06D7363,00000001,00000003,?), ref: 00B173EA
                                                                                                                                                                                              • Part of subcall function 00B22C5F: IsProcessorFeaturePresent.KERNEL32(00000017,00B1A182,?,00B1A0F1,00000004,?,00B1A300,?,?,?,?,?,00000000,?,?), ref: 00B22C37
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionRaise$FeaturePresentProcessor__alloca_probe_16
                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                            • API String ID: 1924019822-1018135373
                                                                                                                                                                                            • Opcode ID: b1a131725962969ac7c19da16afcaf3400eeb51296bf40a417059067f39e9bbb
                                                                                                                                                                                            • Instruction ID: a1c2d2dcf969e5c7bc72d5389f78cdcb7332a61b67e207591b2fabddf2848437
                                                                                                                                                                                            • Opcode Fuzzy Hash: b1a131725962969ac7c19da16afcaf3400eeb51296bf40a417059067f39e9bbb
                                                                                                                                                                                            • Instruction Fuzzy Hash: CB215932D0021CABCF24DFD8D945AAEB7B9EF44711F540459FA06AB260DB30AD46CBD1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: H_prolog3_
                                                                                                                                                                                            • String ID: false$true
                                                                                                                                                                                            • API String ID: 2427045233-2658103896
                                                                                                                                                                                            • Opcode ID: 5b744a56041efa23391d5ce959cbe72101628e7b3811f06277854670e41c4802
                                                                                                                                                                                            • Instruction ID: 69100a193af50c994a88dd62480f4873fd5c24f94c12c3101571d4ddfb278416
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b744a56041efa23391d5ce959cbe72101628e7b3811f06277854670e41c4802
                                                                                                                                                                                            • Instruction Fuzzy Hash: CB119376D407489EC724EFB4D841B9ABBF4AF09300F04896AF1A29B691EB70E504CB50
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00AFC7A0: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,00AFD95B,75A8E8E0,80004005), ref: 00AFC7A5
                                                                                                                                                                                              • Part of subcall function 00AFC7A0: GetLastError.KERNEL32 ref: 00AFC7AF
                                                                                                                                                                                            • IsDebuggerPresent.KERNEL32(75A8E8E0,80004005), ref: 00AFD95F
                                                                                                                                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule), ref: 00AFD96E
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00AFD969
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000011.00000002.2294455451.0000000000AB1000.00000020.00000001.01000000.00000017.sdmp, Offset: 00AB0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000011.00000002.2294426426.0000000000AB0000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294556715.0000000000B40000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294585555.0000000000B5B000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294641236.0000000000B5C000.00000008.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294699166.0000000000B5F000.00000004.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            • Associated: 00000011.00000002.2294731931.0000000000B61000.00000002.00000001.01000000.00000017.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_17_2_ab0000_fast!.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CriticalDebugDebuggerErrorInitializeLastOutputPresentSectionString
                                                                                                                                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                                                                                            • API String ID: 3511171328-631824599
                                                                                                                                                                                            • Opcode ID: 00492ce84ebb6c34ff69e669461fe3839b9f4d4868272d3c5e8014b6b25cf246
                                                                                                                                                                                            • Instruction ID: 71f74cf79dce9c85a603f0d5a4600233c00671d5a187f1dd2222ddb5fc3e2d9d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 00492ce84ebb6c34ff69e669461fe3839b9f4d4868272d3c5e8014b6b25cf246
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1AE06DB02107448BC361BFA5E5887527BE4AF10744F00895DEA92D3691EFF4E5448BA1
                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                            Uniqueness Score: -1.00%